Spring безопасность — использование PreAuthenticatedAuthenticationToken

Spring безопасность — использование PreAuthenticatedAuthenticationToken ⇐ JAVA

1 сообщение • Страница 1 из 1

Anonymous

Spring безопасность — использование PreAuthenticatedAuthenticationToken

Цитата

Сообщение Anonymous » 27 июн 2024, 00:02

Я пробовал Spring Security, и после создания небольшого прототипа у меня возникла забавная ситуация, и я не могу понять, что я сделал не так.

Это простой сценарий, в котором:
Пользователь запрашивает пробную версию.
Система генерирует случайную строку и отправляет ссылку с этой строкой.
Пользователь нажимает на ссылку (или копирует ее в адресная строка в его/ее браузере), и система перенаправляется для установки пароля.

Все работает нормально до тех пор, пока пользователь не нажмет на ссылку.
ссылка отображается с использованием Spring MVC, и мой метод только проверяет, действительна ли строка и не истек ли срок ее действия. Затем, используя PreAuthenticatedAuthenticationToken, я регистрирую пользователя и перенаправляюсь на страницу пароля. (См. код ниже)

try {
SecurityIdentification securityIdentification = securityService.loadSecurityId(securityId);
User user = securityIdentification.getUser();
PreAuthenticatedAuthenticationToken preAuthenticatedAuthenticationToken = new PreAuthenticatedAuthenticationToken(user.getEmailAddress(), securityId, user.getAuthorities());

Authentication authentication = authenticationManager.authenticate(preAuthenticatedAuthenticationToken);

SecurityContext securityContext = SecurityContextHolder.getContext();
securityContext.setAuthentication(authentication);

return "redirect:/password";

} catch (AuthenticationException e) {
model.addAttribute("message", e.getMessage());
model.addAttribute(new TrialForm());
return "trial";
}

Кроме того, вот мой XML-контекст. Я просто кладу бобы, чтобы сэкономить место.

name="userDetailsService"
ref="authenticator" />

Я реализовал UserDetails как «пользователя» моей сущности, а GrantedAuthority — как «роль» моей сущности. Я также реализовал службу AuthenticationUserDetailsService, которая ищет и загружает моего пользователя в базу данных.

Теперь... Наконец...

Проблема, с которой я столкнулся Я столкнулся с тем, что когда я предварительно аутентифицирую своего пользователя с помощью приведенного выше кода и перенаправляюсь на страницу пароля, Spring Security показывает мне страницу входа вместо страницы пароля, поскольку я ожидаю, что пользователь уже прошел аутентификацию.

Я видел несколько реализаций, и моя очень похожа. Единственное отличие — это AbstractPreAuthenticatedProcessingFilter, который используется в некоторых реализациях, но я не вижу смысла реализовывать его самостоятельно.

Не могли бы вы, ребята, иметь какие-нибудь идеи о том, что я собой представляю? Пропало?
Любая помощь будет полезна. Спасибо.

---------** ОБНОВЛЕНИЕ ** ----------
Вот трассировка стека .

11:19:05,874 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] (http-localhost-127.0.0.1-8080-1) Invoking afterPropertiesSet() on bean with name 'redirect:/password'
11:19:05,875 DEBUG [org.springframework.web.servlet.DispatcherServlet] (http-localhost-127.0.0.1-8080-1) Rendering view [org.springframework.web.servlet.view.RedirectView: name 'redirect:/password'; URL [/password]] in DispatcherServlet with name 'myapp'
11:19:05,878 DEBUG [org.springframework.web.servlet.DispatcherServlet] (http-localhost-127.0.0.1-8080-1) Successfully completed request
11:19:05,881 DEBUG [org.apache.tomcat.util.http.Cookies] (http-localhost-127.0.0.1-8080-1) Cookies: Parsing b[]: JSESSIONID=oos2stZVidFUWNWLtjCuFfaH.undefined
11:19:05,884 DEBUG [org.springframework.security.web.util.AntPathRequestMatcher] (http-localhost-127.0.0.1-8080-1) Checking match of request : '/password'; against '/trial/**'
11:19:05,887 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
11:19:05,889 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http-localhost-127.0.0.1-8080-1) HttpSession returned null object for SPRING_SECURITY_CONTEXT
11:19:05,891 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http-localhost-127.0.0.1-8080-1) No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@23bdc15c. A new one will be created.
11:19:05,897 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 2 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
11:19:05,899 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 3 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
11:19:05,901 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 4 of 11 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
11:19:05,903 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 5 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
11:19:05,905 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 6 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
11:19:05,907 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 7 of 11 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
11:19:05,909 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
11:19:05,911 DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] (http-localhost-127.0.0.1-8080-1) Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90545b24: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: oos2stZVidFUWNWLtjCuFfaH.undefined; Granted Authorities: ROLE_ANONYMOUS'
11:19:05,916 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
11:19:05,917 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
11:19:05,919 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
11:19:05,921 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] (http-localhost-127.0.0.1-8080-1) Secure object: FilterInvocation: URL: /password; Attributes: [ROLE_USER]
11:19:05,923 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] (http-localhost-127.0.0.1-8080-1) Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90545b24: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: oos2stZVidFUWNWLtjCuFfaH.undefined; Granted Authorities: ROLE_ANONYMOUS
11:19:51,333 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1355177991333 sessioncount 0
11:19:51,339 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 6 expired sessions: 0
11:20:01,346 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1355178001346 sessioncount 1
11:20:01,351 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 5 expired sessions: 0
11:20:20,500 DEBUG [org.springframework.security.access.vote.AffirmativeBased] (http-localhost-127.0.0.1-8080-1) Voter: org.springframework.security.access.vote.RoleVoter@50d9370d, returned: -1
11:20:20,512 DEBUG [org.springframework.security.access.vote.AffirmativeBased] (http-localhost-127.0.0.1-8080-1) Voter: org.springframework.security.access.vote.AuthenticatedVoter@64ad5ff2, returned: 0
11:20:20,520 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] (http-localhost-127.0.0.1-8080-1) Access is denied (user is anonymous); redirecting to authentication entry point: org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) [spring-security-core-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206) [spring-security-core-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:139) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) [spring-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_34]

11:20:20,595 DEBUG [org.apache.tomcat.util.http.Parameters] (http-localhost-127.0.0.1-8080-1) Set encoding to ISO-8859-1
11:20:20,597 DEBUG [org.springframework.security.web.savedrequest.HttpSessionRequestCache] (http-localhost-127.0.0.1-8080-1) DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/myapp/password]
11:20:20,600 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] (http-localhost-127.0.0.1-8080-1) Calling Authentication entry point.
11:20:20,602 DEBUG [org.springframework.security.web.DefaultRedirectStrategy] (http-localhost-127.0.0.1-8080-1) Redirecting to 'http://localhost:8080/myapp/spring_security_login'
11:20:20,603 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http-localhost-127.0.0.1-8080-1) SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
11:20:20,605 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] (http-localhost-127.0.0.1-8080-1) SecurityContextHolder now cleared, as request processing completed
11:20:20,610 DEBUG [org.apache.tomcat.util.http.Cookies] (http-localhost-127.0.0.1-8080-1) Cookies: Parsing b[]: JSESSIONID=oos2stZVidFUWNWLtjCuFfaH.undefined
11:20:20,612 DEBUG [org.springframework.security.web.util.AntPathRequestMatcher] (http-localhost-127.0.0.1-8080-1) Checking match of request : '/spring_security_login'; against '/trial/**'
11:20:20,615 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /spring_security_login at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
11:20:20,616 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http-localhost-127.0.0.1-8080-1) HttpSession returned null object for SPRING_SECURITY_CONTEXT
11:20:20,618 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http-localhost-127.0.0.1-8080-1) No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@23bdc15c. A new one will be created.
11:20:20,620 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /spring_security_login at position 2 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
11:20:20,622 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /spring_security_login at position 3 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
11:20:20,625 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /spring_security_login at position 4 of 11 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
11:20:20,628 DEBUG [org.apache.tomcat.util.http.Parameters] (http-localhost-127.0.0.1-8080-1) Set encoding to ISO-8859-1
11:20:20,630 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http-localhost-127.0.0.1-8080-1) SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
11:20:20,633 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] (http-localhost-127.0.0.1-8080-1) SecurityContextHolder now cleared, as request processing completed

Подробнее здесь: https://stackoverflow.com/questions/137 ... ationtoken

1719435745

Anonymous

Я пробовал Spring Security, и после создания небольшого прототипа у меня возникла забавная ситуация, и я не могу понять, что я сделал не так.

Это простой сценарий, в котором:
Пользователь запрашивает пробную версию.
Система генерирует случайную строку и отправляет ссылку с этой строкой.
Пользователь нажимает на ссылку (или копирует ее в адресная строка в его/ее браузере), и система перенаправляется для установки пароля.

Все работает нормально до тех пор, пока пользователь не нажмет на ссылку.
ссылка отображается с использованием Spring MVC, и мой метод только проверяет, действительна ли строка и не истек ли срок ее действия. Затем, используя PreAuthenticatedAuthenticationToken, я регистрирую пользователя и перенаправляюсь на страницу пароля. (См. код ниже)

try {
SecurityIdentification securityIdentification = securityService.loadSecurityId(securityId);
User user = securityIdentification.getUser();
PreAuthenticatedAuthenticationToken preAuthenticatedAuthenticationToken = new PreAuthenticatedAuthenticationToken(user.getEmailAddress(), securityId, user.getAuthorities());

Authentication authentication = authenticationManager.authenticate(preAuthenticatedAuthenticationToken);

SecurityContext securityContext = SecurityContextHolder.getContext();
securityContext.setAuthentication(authentication);

return "redirect:/password";

} catch (AuthenticationException e) {
model.addAttribute("message", e.getMessage());
model.addAttribute(new TrialForm());
return "trial";
}


Кроме того, вот мой XML-контекст. Я просто кладу бобы, чтобы сэкономить место. :)

























name="userDetailsService"
ref="authenticator" />








Я реализовал UserDetails как «пользователя» моей сущности, а GrantedAuthority — как «роль» моей сущности. Я также реализовал службу AuthenticationUserDetailsService, которая ищет и загружает моего пользователя в базу данных.

Теперь... Наконец... :D
Проблема, с которой я столкнулся Я столкнулся с тем, что когда я предварительно аутентифицирую своего пользователя с помощью приведенного выше кода и перенаправляюсь на страницу пароля, Spring Security показывает мне страницу входа вместо страницы пароля, поскольку я ожидаю, что пользователь уже прошел аутентификацию.

Я видел несколько реализаций, и моя очень похожа. Единственное отличие — это AbstractPreAuthenticatedProcessingFilter, который используется в некоторых реализациях, но я не вижу смысла реализовывать его самостоятельно.

Не могли бы вы, ребята, иметь какие-нибудь идеи о том, что я собой представляю? Пропало?
Любая помощь будет полезна.  Спасибо.

---------** ОБНОВЛЕНИЕ ** ----------
Вот трассировка стека .

    11:19:05,874 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] (http-localhost-127.0.0.1-8080-1) Invoking afterPropertiesSet() on bean with name 'redirect:/password'
11:19:05,875 DEBUG [org.springframework.web.servlet.DispatcherServlet] (http-localhost-127.0.0.1-8080-1) Rendering view [org.springframework.web.servlet.view.RedirectView: name 'redirect:/password'; URL [/password]] in DispatcherServlet with name 'myapp'
11:19:05,878 DEBUG [org.springframework.web.servlet.DispatcherServlet] (http-localhost-127.0.0.1-8080-1) Successfully completed request
11:19:05,881 DEBUG [org.apache.tomcat.util.http.Cookies] (http-localhost-127.0.0.1-8080-1) Cookies: Parsing b[]: JSESSIONID=oos2stZVidFUWNWLtjCuFfaH.undefined
11:19:05,884 DEBUG [org.springframework.security.web.util.AntPathRequestMatcher] (http-localhost-127.0.0.1-8080-1) Checking match of request : '/password'; against '/trial/**'
11:19:05,887 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
11:19:05,889 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http-localhost-127.0.0.1-8080-1) HttpSession returned null object for SPRING_SECURITY_CONTEXT
11:19:05,891 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http-localhost-127.0.0.1-8080-1) No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@23bdc15c.  A new one will be created.
11:19:05,897 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 2 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
11:19:05,899 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 3 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
11:19:05,901 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 4 of 11 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
11:19:05,903 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 5 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
11:19:05,905 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 6 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
11:19:05,907 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 7 of 11 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
11:19:05,909 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
11:19:05,911 DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] (http-localhost-127.0.0.1-8080-1) Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90545b24: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: oos2stZVidFUWNWLtjCuFfaH.undefined; Granted Authorities: ROLE_ANONYMOUS'
11:19:05,916 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
11:19:05,917 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
11:19:05,919 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /password at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
11:19:05,921 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] (http-localhost-127.0.0.1-8080-1) Secure object: FilterInvocation: URL: /password; Attributes: [ROLE_USER]
11:19:05,923 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] (http-localhost-127.0.0.1-8080-1) Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90545b24: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: oos2stZVidFUWNWLtjCuFfaH.undefined; Granted Authorities: ROLE_ANONYMOUS
11:19:51,333 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1355177991333 sessioncount 0
11:19:51,339 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 6 expired sessions: 0
11:20:01,346 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1355178001346 sessioncount 1
11:20:01,351 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 5 expired sessions: 0
11:20:20,500 DEBUG [org.springframework.security.access.vote.AffirmativeBased] (http-localhost-127.0.0.1-8080-1) Voter: org.springframework.security.access.vote.RoleVoter@50d9370d, returned: -1
11:20:20,512 DEBUG [org.springframework.security.access.vote.AffirmativeBased] (http-localhost-127.0.0.1-8080-1) Voter: org.springframework.security.access.vote.AuthenticatedVoter@64ad5ff2, returned: 0
11:20:20,520 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] (http-localhost-127.0.0.1-8080-1) Access is denied (user is anonymous);  redirecting to authentication entry point: org.springframework.security.access.AccessDeniedException:  Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) [spring-security-core-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206) [spring-security-core-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:139) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) [spring-security-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)  [spring-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) [spring-web-3.1.3.RELEASE.jar:3.1.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_34]

11:20:20,595 DEBUG [org.apache.tomcat.util.http.Parameters] (http-localhost-127.0.0.1-8080-1) Set encoding to ISO-8859-1
11:20:20,597 DEBUG [org.springframework.security.web.savedrequest.HttpSessionRequestCache] (http-localhost-127.0.0.1-8080-1) DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/myapp/password]
11:20:20,600 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] (http-localhost-127.0.0.1-8080-1) Calling Authentication entry point.
11:20:20,602 DEBUG [org.springframework.security.web.DefaultRedirectStrategy] (http-localhost-127.0.0.1-8080-1) Redirecting to 'http://localhost:8080/myapp/spring_security_login'
11:20:20,603 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http-localhost-127.0.0.1-8080-1) SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
11:20:20,605 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] (http-localhost-127.0.0.1-8080-1) SecurityContextHolder now cleared, as request processing completed
11:20:20,610 DEBUG [org.apache.tomcat.util.http.Cookies] (http-localhost-127.0.0.1-8080-1) Cookies: Parsing b[]: JSESSIONID=oos2stZVidFUWNWLtjCuFfaH.undefined
11:20:20,612 DEBUG [org.springframework.security.web.util.AntPathRequestMatcher] (http-localhost-127.0.0.1-8080-1) Checking match of request : '/spring_security_login'; against '/trial/**'
11:20:20,615 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /spring_security_login at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
11:20:20,616 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http-localhost-127.0.0.1-8080-1) HttpSession returned null object for SPRING_SECURITY_CONTEXT
11:20:20,618 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http-localhost-127.0.0.1-8080-1) No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@23bdc15c.  A new one will be created.
11:20:20,620 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /spring_security_login at position 2 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
11:20:20,622 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /spring_security_login at position 3 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
11:20:20,625 DEBUG [org.springframework.security.web.FilterChainProxy] (http-localhost-127.0.0.1-8080-1) /spring_security_login at position 4 of 11 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
11:20:20,628 DEBUG [org.apache.tomcat.util.http.Parameters] (http-localhost-127.0.0.1-8080-1) Set encoding to ISO-8859-1
11:20:20,630 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http-localhost-127.0.0.1-8080-1) SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
11:20:20,633 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] (http-localhost-127.0.0.1-8080-1) SecurityContextHolder now cleared, as request processing completed
 

Подробнее здесь: [url]https://stackoverflow.com/questions/13794213/spring-security-using-preauthenticatedauthenticationtoken[/url]