Мобильная версияУ меня есть приложение с поддержкой безопасности (jwt), и я написал модульные тесты, чтобы убедиться, что фильтрация безопасности работает должным образом. В Spring Boot 3 эти модульные тесты работают нормально, однако после обновления до Spring Boot 4 они больше не работают. Однако приложение работает нормально и применяет фильтрацию безопасности, как и ожидалось.
Я отладил это и обнаружил, что проблема связана с порядком вызова фильтра. В Spring Boot 4 внутри WebMvcTest мой фильтр аутентификации вызывается в самом начале обработки запроса, еще до попытки его сопоставления (а затем еще раз при применении цепочки фильтров; это должен быть первый вызов). Этот первый вызов не происходит ни в версии Spring Boot 3, ни при запуске приложения. Именно этот первый вызов прерывает тест, поскольку аутентификация больше не устанавливается должным образом при запуске цепочки фильтров (это фильтр один раз для каждого запроса, поэтому он не вызывается повторно).
Похоже на ошибку в настройке безопасности/фильтрации внутри WebMvcTest; это явно отличается от того, как приложение обычно его настраивает. Но, возможно, я что-то упустил из виду или могу/должен сделать, чтобы исправить это в Spring Boot 4?
Я создал небольшой пример проекта, иллюстрирующий проблему, на github.
Пример журнала тестирования с Spring Boot 3:
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain defined as 'filterChain' in [class path resource [com/hayobaan/securitytest/security/SecurityConfiguration.class]] matching [any request] and having filters [DisableEncodeUrl, WebAsyncManagerIntegration, SecurityContextHolder, HeaderWriter, Cors, Logout, JwtAuthentication, RequestCacheAware, SecurityContextHolderAwareRequest, AnonymousAuthentication, SessionManagement, ExceptionTranslation, Authorization] (1/1)
2025-12-22T14:00:49.617+01:00 DEBUG 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Securing GET /getUserInfo
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/13)
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/13)
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/13)
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/13)
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/13)
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/13)
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking JwtAuthenticationFilter (7/13)
2025-12-22T14:00:49.617+01:00 DEBUG 25899 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Inside JwtAuthenticationFilter.doFilter
2025-12-22T14:00:49.617+01:00 DEBUG 25899 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Inside JwtAuthenticationFilter.doFilterInternal
2025-12-22T14:00:49.618+01:00 DEBUG 25899 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Authenticated: UsernamePasswordAuthenticationToken [Principal=authenticatedUser, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[User]]
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (8/13)
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (9/13)
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (10/13)
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking SessionManagementFilter (11/13)
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.s.w.a.AnonymousAuthenticationFilter : Did not set SecurityContextHolder since already authenticated UsernamePasswordAuthenticationToken [Principal=authenticatedUser, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[User]]
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] s.CompositeSessionAuthenticationStrategy : Preparing session with ChangeSessionIdAuthenticationStrategy (1/1)
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (12/13)
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (13/13)
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] estMatcherDelegatingAuthorizationManager : Authorizing GET /getUserInfo
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] estMatcherDelegatingAuthorizationManager : Checking authorization on GET /getUserInfo using AuthorityAuthorizationManager[authorities=[User, Admin]]
2025-12-22T14:00:49.618+01:00 DEBUG 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Secured GET /getUserInfo
2025-12-22T14:00:49.618+01:00 DEBUG 25899 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Inside JwtAuthenticationFilter.doFilter
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
Тот же журнал тестирования с Spring Boot 4 (трассировка стека удалена):
2025-12-22T14:02:58.044+01:00 DEBUG 26270 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Inside JwtAuthenticationFilter.doFilter
2025-12-22T14:02:58.044+01:00 DEBUG 26270 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Inside JwtAuthenticationFilter.doFilterInternal
2025-12-22T14:02:58.044+01:00 DEBUG 26270 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Authenticated: UsernamePasswordAuthenticationToken [Principal=authenticatedUser, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[User]]
2025-12-22T14:02:58.044+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain defined as 'filterChain' in [class path resource [com/hayobaan/securitytest/security/SecurityConfiguration.class]] matching [any request] and having filters [DisableEncodeUrl, WebAsyncManagerIntegration, SecurityContextHolder, HeaderWriter, Cors, Logout, JwtAuthentication, RequestCacheAware, SecurityContextHolderAwareRequest, AnonymousAuthentication, SessionManagement, ExceptionTranslation, Authorization] (1/1)
2025-12-22T14:02:58.044+01:00 DEBUG 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Securing GET /getUserInfo
2025-12-22T14:02:58.044+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/13)
2025-12-22T14:02:58.044+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/13)
2025-12-22T14:02:58.044+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/13)
2025-12-22T14:02:58.044+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/13)
2025-12-22T14:02:58.044+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [PathPattern [GET /logout], PathPattern [POST /logout], PathPattern [PUT /logout], PathPattern [DELETE /logout]]
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking JwtAuthenticationFilter (7/13)
2025-12-22T14:02:58.045+01:00 DEBUG 26270 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Inside JwtAuthenticationFilter.doFilter
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (8/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (9/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (10/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking SessionManagementFilter (11/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (12/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (13/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] estMatcherDelegatingAuthorizationManager : Authorizing GET /getUserInfo
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] estMatcherDelegatingAuthorizationManager : Checking authorization on GET /getUserInfo using AuthorityAuthorizationManager[authorities=[User, Admin]]
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.s.w.a.ExceptionTranslationFilter : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
org.springframework.security.authorization.AuthorizationDeniedException: Access Denied
at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:99) ~[spring-security-web-7.0.0.jar:7.0.0]
...
2025-12-22T14:02:58.046+01:00 DEBUG 26270 --- [security-test] [ main] o.s.s.w.a.Http403ForbiddenEntryPoint : Pre-authenticated entry point called. Rejecting access
2025-12-22T14:02:58.046+01:00 TRACE 26270 --- [security-test] [ main] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
Подробнее здесь: https://stackoverflow.com/questions/798 ... ing-boot-4
Модульные тесты безопасности WebMvcTest больше не работают с Spring Boot 4 ⇐ JAVA
Программисты JAVA общаются здесь
1766569677
Anonymous
У меня есть приложение с поддержкой безопасности (jwt), и я написал модульные тесты, чтобы убедиться, что фильтрация безопасности работает должным образом. В Spring Boot 3 эти модульные тесты работают нормально, однако после обновления до Spring Boot 4 они больше не работают. Однако приложение работает нормально и применяет фильтрацию безопасности, как и ожидалось.
Я отладил это и обнаружил, что проблема связана с порядком вызова фильтра. В Spring Boot 4 внутри WebMvcTest мой фильтр аутентификации вызывается в самом начале обработки запроса, еще до попытки его сопоставления (а затем еще раз при применении цепочки фильтров; это должен быть первый вызов). Этот первый вызов не происходит ни в версии Spring Boot 3, ни при запуске приложения. Именно этот первый вызов прерывает тест, поскольку аутентификация больше не устанавливается должным образом при запуске цепочки фильтров (это фильтр один раз для каждого запроса, поэтому он не вызывается повторно).
Похоже на ошибку в настройке безопасности/фильтрации внутри WebMvcTest; это явно отличается от того, как приложение обычно его настраивает. Но, возможно, я что-то упустил из виду или могу/должен сделать, чтобы исправить это в Spring Boot 4?
Я создал небольшой пример проекта, иллюстрирующий проблему, на github.
Пример журнала тестирования с Spring Boot 3:
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain defined as 'filterChain' in [class path resource [com/hayobaan/securitytest/security/SecurityConfiguration.class]] matching [any request] and having filters [DisableEncodeUrl, WebAsyncManagerIntegration, SecurityContextHolder, HeaderWriter, Cors, Logout, JwtAuthentication, RequestCacheAware, SecurityContextHolderAwareRequest, AnonymousAuthentication, SessionManagement, ExceptionTranslation, Authorization] (1/1)
2025-12-22T14:00:49.617+01:00 DEBUG 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Securing GET /getUserInfo
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/13)
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/13)
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/13)
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/13)
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/13)
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/13)
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2025-12-22T14:00:49.617+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking JwtAuthenticationFilter (7/13)
2025-12-22T14:00:49.617+01:00 DEBUG 25899 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Inside JwtAuthenticationFilter.doFilter
2025-12-22T14:00:49.617+01:00 DEBUG 25899 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Inside JwtAuthenticationFilter.doFilterInternal
2025-12-22T14:00:49.618+01:00 DEBUG 25899 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Authenticated: UsernamePasswordAuthenticationToken [Principal=authenticatedUser, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[User]]
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (8/13)
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (9/13)
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (10/13)
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking SessionManagementFilter (11/13)
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.s.w.a.AnonymousAuthenticationFilter : Did not set SecurityContextHolder since already authenticated UsernamePasswordAuthenticationToken [Principal=authenticatedUser, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[User]]
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] s.CompositeSessionAuthenticationStrategy : Preparing session with ChangeSessionIdAuthenticationStrategy (1/1)
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (12/13)
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (13/13)
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] estMatcherDelegatingAuthorizationManager : Authorizing GET /getUserInfo
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] estMatcherDelegatingAuthorizationManager : Checking authorization on GET /getUserInfo using AuthorityAuthorizationManager[authorities=[User, Admin]]
2025-12-22T14:00:49.618+01:00 DEBUG 25899 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Secured GET /getUserInfo
2025-12-22T14:00:49.618+01:00 DEBUG 25899 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Inside JwtAuthenticationFilter.doFilter
2025-12-22T14:00:49.618+01:00 TRACE 25899 --- [security-test] [ main] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
Тот же журнал тестирования с Spring Boot 4 (трассировка стека удалена):
2025-12-22T14:02:58.044+01:00 DEBUG 26270 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Inside JwtAuthenticationFilter.doFilter
2025-12-22T14:02:58.044+01:00 DEBUG 26270 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Inside JwtAuthenticationFilter.doFilterInternal
2025-12-22T14:02:58.044+01:00 DEBUG 26270 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Authenticated: UsernamePasswordAuthenticationToken [Principal=authenticatedUser, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[User]]
2025-12-22T14:02:58.044+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain defined as 'filterChain' in [class path resource [com/hayobaan/securitytest/security/SecurityConfiguration.class]] matching [any request] and having filters [DisableEncodeUrl, WebAsyncManagerIntegration, SecurityContextHolder, HeaderWriter, Cors, Logout, JwtAuthentication, RequestCacheAware, SecurityContextHolderAwareRequest, AnonymousAuthentication, SessionManagement, ExceptionTranslation, Authorization] (1/1)
2025-12-22T14:02:58.044+01:00 DEBUG 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Securing GET /getUserInfo
2025-12-22T14:02:58.044+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/13)
2025-12-22T14:02:58.044+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/13)
2025-12-22T14:02:58.044+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/13)
2025-12-22T14:02:58.044+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/13)
2025-12-22T14:02:58.044+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [PathPattern [GET /logout], PathPattern [POST /logout], PathPattern [PUT /logout], PathPattern [DELETE /logout]]
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking JwtAuthenticationFilter (7/13)
2025-12-22T14:02:58.045+01:00 DEBUG 26270 --- [security-test] [ main] c.h.s.security.JwtAuthenticationFilter : Inside JwtAuthenticationFilter.doFilter
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (8/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (9/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (10/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking SessionManagementFilter (11/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (12/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (13/13)
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] estMatcherDelegatingAuthorizationManager : Authorizing GET /getUserInfo
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] estMatcherDelegatingAuthorizationManager : Checking authorization on GET /getUserInfo using AuthorityAuthorizationManager[authorities=[User, Admin]]
2025-12-22T14:02:58.045+01:00 TRACE 26270 --- [security-test] [ main] o.s.s.w.a.ExceptionTranslationFilter : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
org.springframework.security.authorization.AuthorizationDeniedException: Access Denied
at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:99) ~[spring-security-web-7.0.0.jar:7.0.0]
...
2025-12-22T14:02:58.046+01:00 DEBUG 26270 --- [security-test] [ main] o.s.s.w.a.Http403ForbiddenEntryPoint : Pre-authenticated entry point called. Rejecting access
2025-12-22T14:02:58.046+01:00 TRACE 26270 --- [security-test] [ main] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
Подробнее здесь: [url]https://stackoverflow.com/questions/79852916/webmvctest-security-unit-tests-no-longer-working-with-spring-boot-4[/url]
Ответить
1 сообщение
• Страница 1 из 1
Перейти
- Кемерово-IT
- ↳ Javascript
- ↳ C#
- ↳ JAVA
- ↳ Elasticsearch aggregation
- ↳ Python
- ↳ Php
- ↳ Android
- ↳ Html
- ↳ Jquery
- ↳ C++
- ↳ IOS
- ↳ CSS
- ↳ Excel
- ↳ Linux
- ↳ Apache
- ↳ MySql
- Детский мир
- Для души
- ↳ Музыкальные инструменты даром
- ↳ Печатная продукция даром
- Внешняя красота и здоровье
- ↳ Одежда и обувь для взрослых даром
- ↳ Товары для здоровья
- ↳ Физкультура и спорт
- Техника - даром!
- ↳ Автомобилистам
- ↳ Компьютерная техника
- ↳ Плиты: газовые и электрические
- ↳ Холодильники
- ↳ Стиральные машины
- ↳ Телевизоры
- ↳ Телефоны, смартфоны, плашеты
- ↳ Швейные машинки
- ↳ Прочая электроника и техника
- ↳ Фототехника
- Ремонт и интерьер
- ↳ Стройматериалы, инструмент
- ↳ Мебель и предметы интерьера даром
- ↳ Cантехника
- Другие темы
- ↳ Разное даром
- ↳ Давай меняться!
- ↳ Отдам\возьму за копеечку
- ↳ Работа и подработка в Кемерове
- ↳ Давай с тобой поговорим...
