赞
踩
Spring Security是一个强大且高度可定制的身份验证和访问控制框架。天然与Spring整合,易扩展,引入jar包就可以用了,在boot自动装载下,不需要任何配置就可以控制资源访问。那么默认登录页是如何产生的呢?
内容 | 版本 |
---|---|
JDK | 17 |
spring-boot-starter-web | 3.2.2 |
spring-boot-starter-security | 3.2.2 |
spring-security | 6.2.1 |
访问 https://start.spring.io/ 自动生成项目
添加依赖 Spring Web、Spring Security
生成项目, 点击 GENERATE,会下载一个压缩包
添加 controller 代码
package com.example.security.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class HelloController {
@GetMapping(value = "/hello")
public String hello() {
return "Hello Security";
}
}
2024-02-01T23:19:18.288+08:00 INFO 15696 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@748ac6f3, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@68f6e55d, org.springframework.security.web.context.SecurityContextHolderFilter@3238e2aa, org.springframework.security.web.header.HeaderWriterFilter@71adfedd, org.springframework.web.filter.CorsFilter@6fff46bf, org.springframework.security.web.csrf.CsrfFilter@5f36c8e3, org.springframework.security.web.authentication.logout.LogoutFilter@217bf99e, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@67022ea, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@38b3f208, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@1835dc92, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@7ec95456, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2577a95d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1668919e, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@3aaa3c39, org.springframework.security.web.access.ExceptionTranslationFilter@17e9bc9e, org.springframework.security.web.access.intercept.AuthorizationFilter@7327a447]
/** * Adds the {@link EnableWebSecurity @EnableWebSecurity} annotation if Spring Security * is on the classpath. This will make sure that the annotation is present with * default security auto-configuration and also if the user adds custom security and * forgets to add the annotation. If {@link EnableWebSecurity @EnableWebSecurity} has * already been added or if a bean with name * {@value BeanIds#SPRING_SECURITY_FILTER_CHAIN} has been configured by the user, this * will back-off. */ @Configuration(proxyBeanMethods = false) @ConditionalOnMissingBean(name = BeanIds.SPRING_SECURITY_FILTER_CHAIN) @ConditionalOnClass(EnableWebSecurity.class) @EnableWebSecurity static class WebSecurityEnablerConfiguration { }
核心的注解类 org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
org.springframework.security.config.annotation.web.builders.WebSecurity#performBuild
在类org.springframework.security.web.FilterChainProxy.VirtualFilterChain#doFilter 加一个断点, 看每个过滤器做了啥
经过调试,发现默认页面在 org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter 这个类生成的,方法 generateLoginPageHtml
spring-boot-starter-security 默认会加载以下过滤器
[DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[ org.springframework.security.web.session.DisableEncodeUrlFilter@65a9ea3c, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@70f68288, org.springframework.security.web.context.SecurityContextHolderFilter@22c53d82, org.springframework.security.web.header.HeaderWriterFilter@2577a95d, org.springframework.web.filter.CorsFilter@46911148, org.springframework.security.web.csrf.CsrfFilter@6d0be7ab, org.springframework.security.web.authentication.logout.LogoutFilter@58af5076, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1fbf088b, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@3b4a1a75, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@2db1b657, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@650c405c, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@68d6d775, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@b67cc70, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@7e351d7, org.springframework.security.web.access.ExceptionTranslationFilter@9301672, org.springframework.security.web.access.intercept.AuthorizationFilter@11d045b4]]]
修改 application.properties 文件,增加日志配置
logging.level.org.springframework.security=TRACE
访问地址 http://localhost:8080/hello, 可以看到有详细的日志输出
2024-02-03T09:24:07.863+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@4eaa375c, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@2404b5a, org.springframework.security.web.context.SecurityContextHolderFilter@6088451e, org.springframework.security.web.header.HeaderWriterFilter@3ba3d4b6, org.springframework.web.filter.CorsFilter@3af58f76, org.springframework.security.web.csrf.CsrfFilter@6bcb12e6, org.springframework.security.web.authentication.logout.LogoutFilter@3a7e365, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@5f05c8d6, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@5416f8db, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@2ead6ba4, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@7885776b, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2f10f633, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1642eeae, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@31a2a9fa, org.springframework.security.web.access.ExceptionTranslationFilter@40de8f93, org.springframework.security.web.access.intercept.AuthorizationFilter@78422efb]] (1/1) 2024-02-03T09:24:07.864+08:00 DEBUG 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Securing GET /hello 2024-02-03T09:24:07.864+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/16) 2024-02-03T09:24:07.864+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/16) 2024-02-03T09:24:07.864+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/16) 2024-02-03T09:24:07.864+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/16) 2024-02-03T09:24:07.864+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/16) 2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (6/16) 2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.csrf.CsrfFilter : Did not protect against CSRF since request did not match CsrfNotRequired [TRACE, HEAD, GET, OPTIONS] 2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (7/16) 2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.a.logout.LogoutFilter : Did not match request to Ant [pattern='/logout', POST] 2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking UsernamePasswordAuthenticationFilter (8/16) 2024-02-03T09:24:07.865+08:00 TRACE 13892 --- [nio-8080-exec-7] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST] 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking DefaultLoginPageGeneratingFilter (9/16) 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking DefaultLogoutPageGeneratingFilter (10/16) 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] .w.a.u.DefaultLogoutPageGeneratingFilter : Did not render default logout page since request did not match [Ant [pattern='/logout', GET]] 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking BasicAuthenticationFilter (11/16) 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.a.www.BasicAuthenticationFilter : Did not process authentication request since failed to find username and password in Basic Authorization header 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (12/16) 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.s.HttpSessionRequestCache : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (13/16) 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (14/16) 2024-02-03T09:24:07.866+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (15/16) 2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (16/16) 2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] estMatcherDelegatingAuthorizationManager : Authorizing SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@219ea36b] 2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] estMatcherDelegatingAuthorizationManager : Checking authorization on SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@219ea36b] using org.springframework.security.authorization.AuthenticatedAuthorizationManager@2973568c 2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Did not find SecurityContext in HttpSession 9103C6E281234FE6BA1B598A7FC64D41 using the SPRING_SECURITY_CONTEXT session attribute 2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication] 2024-02-03T09:24:07.867+08:00 TRACE 13892 --- [nio-8080-exec-7] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication] 2024-02-03T09:24:07.868+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=9103C6E281234FE6BA1B598A7FC64D41], Granted Authorities=[ROLE_ANONYMOUS]] 2024-02-03T09:24:07.868+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.a.ExceptionTranslationFilter : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=9103C6E281234FE6BA1B598A7FC64D41], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied org.springframework.security.access.AccessDeniedException: Access Denied at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:181) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter.doFilterInternal(DefaultLogoutPageGeneratingFilter.java:58) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:189) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:175) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.2.1.jar:6.2.1] at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195) ~[spring-webmvc-6.1.3.jar:6.1.3] at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:225) ~[spring-security-config-6.2.1.jar:6.2.1] at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.1.3.jar:6.1.3] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.1.3.jar:6.1.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.3.jar:6.1.3] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-10.1.18.jar:10.1.18] at java.base/java.lang.Thread.run(Thread.java:842) ~[na:na] 2024-02-03T09:24:07.878+08:00 DEBUG 13892 --- [nio-8080-exec-7] o.s.s.w.s.HttpSessionRequestCache : Saved request http://localhost:8080/hello?continue to session 2024-02-03T09:24:07.878+08:00 DEBUG 13892 --- [nio-8080-exec-7] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4f223bee, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]] 2024-02-03T09:24:07.878+08:00 DEBUG 13892 --- [nio-8080-exec-7] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@d902300 2024-02-03T09:24:07.878+08:00 DEBUG 13892 --- [nio-8080-exec-7] o.s.s.web.DefaultRedirectStrategy : Redirecting to http://localhost:8080/login 2024-02-03T09:24:07.878+08:00 TRACE 13892 --- [nio-8080-exec-7] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure] 2024-02-03T09:24:07.885+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@4eaa375c, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@2404b5a, org.springframework.security.web.context.SecurityContextHolderFilter@6088451e, org.springframework.security.web.header.HeaderWriterFilter@3ba3d4b6, org.springframework.web.filter.CorsFilter@3af58f76, org.springframework.security.web.csrf.CsrfFilter@6bcb12e6, org.springframework.security.web.authentication.logout.LogoutFilter@3a7e365, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@5f05c8d6, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@5416f8db, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@2ead6ba4, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@7885776b, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2f10f633, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1642eeae, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@31a2a9fa, org.springframework.security.web.access.ExceptionTranslationFilter@40de8f93, org.springframework.security.web.access.intercept.AuthorizationFilter@78422efb]] (1/1) 2024-02-03T09:24:07.885+08:00 DEBUG 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Securing GET /login 2024-02-03T09:24:07.885+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (6/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.csrf.CsrfFilter : Did not protect against CSRF since request did not match CsrfNotRequired [TRACE, HEAD, GET, OPTIONS] 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (7/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.s.w.a.logout.LogoutFilter : Did not match request to Ant [pattern='/logout', POST] 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking UsernamePasswordAuthenticationFilter (8/16) 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST] 2024-02-03T09:24:07.886+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking DefaultLoginPageGeneratingFilter (9/16) 2024-02-03T09:24:07.887+08:00 TRACE 13892 --- [nio-8080-exec-8] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。