Выброс Spring Security: InsufficientAuthenticationException: для доступа к этому ресурсу требуется полная аутентификация

Выброс Spring Security: InsufficientAuthenticationException: для доступа к этому ресурсу требуется полная аутентификация ⇐ JAVA

1 сообщение • Страница 1 из 1

Anonymous

Выброс Spring Security: InsufficientAuthenticationException: для доступа к этому ресурсу требуется полная аутентификация

Цитата

Сообщение Anonymous » 06 июл 2024, 22:00

До сегодняшнего дня я без проблем работал с Spring 2.x.x. Теперь я пытаюсь создать API для отдыха с включенной защитой Spring (spring boot 3.3.1), и я хочу использовать аутентификацию HttpBasic. Итак, я просто настроил свой проект и начал тестировать безопасность. Однако Spring постоянно выдает это исключение, и я не могу выяснить, что является его источником.
Вот моя конфигурация безопасности:

Код: Выделить всё

@EnableWebSecurity
@Configuration
@RequiredArgsConstructor
public class SecurityConfigurer {
private HttpBasicFilter httpBasicFilter;
private InMemoryUserDetailsManager inMemoryUserDetailsManager;
private PasswordEncoder encoder;

@Bean
public SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf(AbstractHttpConfigurer::disable)
.sessionManagement((configurer) -> {
configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
})
.authenticationManager(authenticationManager())
.authorizeHttpRequests(
requests -> requests
.requestMatchers("api/**").authenticated()
.requestMatchers("api/v1/auth/**").permitAll()
)
.userDetailsService(inMemoryUserDetails())
.addFilterBefore(httpBasicFilter(), UsernamePasswordAuthenticationFilter.class)
.formLogin(AbstractHttpConfigurer::disable)
.exceptionHandling(customizer -> {
customizer.authenticationEntryPoint((request, response, exception) -> {
exception.printStackTrace();

response.setStatus(401);
response.setHeader("Content-Type", "application/json;  charset=UTF-8");
new ObjectMapper().writeValue(response.getOutputStream(), exception.getMessage());
});
})
.httpBasic(Customizer.withDefaults());

return httpSecurity.build();
}

@Bean
public InMemoryUserDetailsManager inMemoryUserDetails() { // just for testing purpose
if(inMemoryUserDetailsManager == null) {
UserDetails user = User
.withUsername("admin")
.password(passwordEncoder().encode("admin321"))
.roles("ADMIN")
.build();

inMemoryUserDetailsManager = new InMemoryUserDetailsManager(user);
}

return inMemoryUserDetailsManager;
}

@Bean
public PasswordEncoder passwordEncoder() {
if(encoder == null) encoder = new BCryptPasswordEncoder(8);

return encoder;
}

@Bean
public AuthenticationManager authenticationManager() {
AuthenticationProvider provider = new CustomAuthenticationProvider(inMemoryUserDetails(), passwordEncoder());

return provider::authenticate;
}

@Bean
public HttpBasicFilter httpBasicFilter() {
if(httpBasicFilter == null) httpBasicFilter = new HttpBasicFilter(authenticationManager());

return httpBasicFilter;
}
}

А это мой фильтр:

Код: Выделить всё

public class HttpBasicFilter extends BasicAuthenticationFilter {
public HttpBasicFilter(AuthenticationManager authenticationManager) {
super(authenticationManager);
}

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
String username, password;

String authHeader = request.getHeader("Authorization");

if(StringUtils.isBlank(authHeader) || !StringUtils.startsWith(authHeader, "Basic ")) throw new AuthenticationException("Full authentication is required to access this resource");

String usernamePassword = new String(Base64.getDecoder().decode(authHeader.replace("Basic ", "")));

if(StringUtils.isBlank(usernamePassword) || !usernamePassword.contains(":") || usernamePassword.split(":").length != 2) throw new AuthenticationException("Invalid authorization token");

String[] credentials = usernamePassword.split(":");
username = credentials[0];
password = credentials[1];

getAuthenticationManager().authenticate(new UsernamePasswordAuthenticationToken(username, password, List.of()));

// Proceed with the request
chain.doFilter(request, response);
}
}

А вот мой поставщик аутентификации:

Код: Выделить всё

@RequiredArgsConstructor
public class CustomAuthenticationProvider implements AuthenticationProvider {
private final InMemoryUserDetailsManager inMemoryUserDetailsService;
private final PasswordEncoder passwordEncoder;

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = (String) authentication.getPrincipal();
String password = (String) authentication.getCredentials();

UserDetails user = inMemoryUserDetailsService.loadUserByUsername(username);

if(user == null) throw new BadCredentialsException("Invalid credentials");

Authentication authenticationResult = new UsernamePasswordAuthenticationToken(username, password, List.of());

if (passwordEncoder.matches(password, user.getPassword())) {
SecurityContextHolder.getContext().setAuthentication(authenticationResult); // it comes to this line when i debug, so authentication is being done successfully
} else {
throw new BadCredentialsException("Invalid credentials");
}

return authenticationResult;
}

@Override
public boolean supports(Class  authentication) {
return UsernamePasswordAuthenticationToken.class.equals(authentication);
}
}

Я отправляю запрос на этот адрес: /api/v1/auth/signup, так что на самом деле не должно быть никакой логики аутентификации, но это уже другая тема, моя основная проблема некоторые пружинные фильтры не распознают (или переопределяют) мою аутентификацию.
Мой запрос почтальона:

полная форма исключения:

Код: Выделить всё

org.springframework.security.authentication.InsufficientAuthenticationException:  F u l l   a u t h e n t i c a t i o n   i s   r e q u i r e d   t o   a c c e s s   t h i s   r e s o u r c e < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . a c c e s s . E x c e p t i o n T r a n s l a t i o n F i l t e r . h a n d l e A c c e s s D e n i e d E x c e p t i o n ( E x c e p t i o n T r a n s l a t i o n F i l t e r . j a v a : 1 9 9 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . a c c e s s . E x c e p t i o n T r a n s l a t i o n F i l t e r . h a n d l e S p r i n g S e c u r i t y E x c e p t i o n ( E x c e p t i o n T r a n s l a t i o n F i l t e r . j a v a : 1 7 8 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . a c c e s s . E x c e p t i o n T r a n s l a t i o n F i l t e r . d o F i l t e r ( E x c e p t i o n T r a n s l a t i o n F i l t e r . j a v a : 1 4 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . a c c e s s . E x c e p t i o n T r a n s l a t i o n F i l t e r . d o F i l t e r ( E x c e p t i o n T r a n s l a t i o n F i l t e r . j a v a : 1 2 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . s e s s i o n . S e s s i o n M a n a g e m e n t F i l t e r . d o F i l t e r ( S e s s i o n M a n a g e m e n t F i l t e r . j a v a : 9 1 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . s e s s i o n . S e s s i o n M a n a g e m e n t F i l t e r . d o F i l t e r ( S e s s i o n M a n a g e m e n t F i l t e r . j a v a : 8 5 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . a u t h e n t i c a t i o n . A n o n y m o u s A u t h e n t i c a t i o n F i l t e r . d o F i l t e r ( A n o n y m o u s A u t h e n t i c a t i o n F i l t e r . j a v a : 1 0 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . s e r v l e t a p i . S e c u r i t y C o n t e x t H o l d e r A w a r e R e q u e s t F i l t e r . d o F i l t e r ( S e c u r i t y C o n t e x t H o l d e r A w a r e R e q u e s t F i l t e r . j a v a : 1 7 9 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . s a v e d r e q u e s t . R e q u e s t C a c h e A w a r e F i l t e r . d o F i l t e r ( R e q u e s t C a c h e A w a r e F i l t e r . j a v a : 6 3 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . w e b . f i l t e r . O n c e P e r R e q u e s t F i l t e r . d o F i l t e r ( O n c e P e r R e q u e s t F i l t e r . j a v a : 1 0 1 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . w e b . f i l t e r . O n c e P e r R e q u e s t F i l t e r . d o F i l t e r ( O n c e P e r R e q u e s t F i l t e r . j a v a : 1 0 1 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . a u t h e n t i c a t i o n . l o g o u t . L o g o u t F i l t e r . d o F i l t e r ( L o g o u t F i l t e r . j a v a : 1 0 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . a u t h e n t i c a t i o n . l o g o u t . L o g o u t F i l t e r . d o F i l t e r ( L o g o u t F i l t e r . j a v a : 9 3 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . w e b . f i l t e r . O n c e P e r R e q u e s t F i l t e r . d o F i l t e r ( O n c e P e r R e q u e s t F i l t e r . j a v a : 1 0 1 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . w e b . f i l t e r . O n c e P e r R e q u e s t F i l t e r . d o F i l t e r ( O n c e P e r R e q u e s t F i l t e r . j a v a : 1 0 1 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . c o n t e x t . S e c u r i t y C o n t e x t H o l d e r F i l t e r . d o F i l t e r ( S e c u r i t y C o n t e x t H o l d e r F i l t e r . j a v a : 8 2 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . c o n t e x t . S e c u r i t y C o n t e x t H o l d e r F i l t e r . d o F i l t e r ( S e c u r i t y C o n t e x t H o l d e r F i l t e r . j a v a : 6 9 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . w e b . f i l t e r . O n c e P e r R e q u e s t F i l t e r . d o F i l t e r ( O n c e P e r R e q u e s t F i l t e r . j a v a : 1 0 1 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t ualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
at org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224)
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113)
at org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113)
at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74)
at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:230)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:632)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:410)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:330)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:267)
at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:362)
at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:222)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:151)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:389)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:904)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
at java.base/java.lang.Thread.run(Thread.java:1570)

Что я пробовал:

Используйте DaoAuthenticationProvider, расширив его из моего CustomAuthenticationProvider
Изменить положение фильтра HttpBasic (я пытался разместить его до или после других фильтров)

Чего я ожидаю:

Если я установлю поле аутентификации контекста безопасности Spring, он должен распознать это и разрешить пароль пользователя в приложении

Подробнее здесь: https://stackoverflow.com/questions/787 ... thenticati

1720292410

Anonymous

До сегодняшнего дня я без проблем работал с Spring 2.x.x. Теперь я пытаюсь создать API для отдыха с включенной защитой Spring (spring boot 3.3.1), и я хочу использовать аутентификацию HttpBasic. Итак, я просто настроил свой проект и начал тестировать безопасность.  Однако Spring постоянно выдает это исключение, и я не могу выяснить, что является его источником.
Вот моя конфигурация безопасности:
[code]
@EnableWebSecurity
@Configuration
@RequiredArgsConstructor
public class SecurityConfigurer {
private HttpBasicFilter httpBasicFilter;
private InMemoryUserDetailsManager inMemoryUserDetailsManager;
private PasswordEncoder encoder;

@Bean
public SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf(AbstractHttpConfigurer::disable)
.sessionManagement((configurer) -> {
configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
})
.authenticationManager(authenticationManager())
.authorizeHttpRequests(
requests -> requests
.requestMatchers("api/**").authenticated()
.requestMatchers("api/v1/auth/**").permitAll()
)
.userDetailsService(inMemoryUserDetails())
.addFilterBefore(httpBasicFilter(), UsernamePasswordAuthenticationFilter.class)
.formLogin(AbstractHttpConfigurer::disable)
.exceptionHandling(customizer -> {
customizer.authenticationEntryPoint((request, response, exception) -> {
exception.printStackTrace();

response.setStatus(401);
response.setHeader("Content-Type", "application/json;  charset=UTF-8");
new ObjectMapper().writeValue(response.getOutputStream(), exception.getMessage());
});
})
.httpBasic(Customizer.withDefaults());

return httpSecurity.build();
}

@Bean
public InMemoryUserDetailsManager inMemoryUserDetails() { // just for testing purpose
if(inMemoryUserDetailsManager == null) {
UserDetails user = User
.withUsername("admin")
.password(passwordEncoder().encode("admin321"))
.roles("ADMIN")
.build();

inMemoryUserDetailsManager = new InMemoryUserDetailsManager(user);
}

return inMemoryUserDetailsManager;
}

@Bean
public PasswordEncoder passwordEncoder() {
if(encoder == null) encoder = new BCryptPasswordEncoder(8);

return encoder;
}

@Bean
public AuthenticationManager authenticationManager() {
AuthenticationProvider provider = new CustomAuthenticationProvider(inMemoryUserDetails(), passwordEncoder());

return provider::authenticate;
}

@Bean
public HttpBasicFilter httpBasicFilter() {
if(httpBasicFilter == null) httpBasicFilter = new HttpBasicFilter(authenticationManager());

return httpBasicFilter;
}
}
[/code]
А это мой фильтр:
[code]public class HttpBasicFilter extends BasicAuthenticationFilter {
public HttpBasicFilter(AuthenticationManager authenticationManager) {
super(authenticationManager);
}

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
String username, password;

String authHeader = request.getHeader("Authorization");

if(StringUtils.isBlank(authHeader) || !StringUtils.startsWith(authHeader, "Basic ")) throw new AuthenticationException("Full authentication is required to access this resource");

String usernamePassword = new String(Base64.getDecoder().decode(authHeader.replace("Basic ", "")));

if(StringUtils.isBlank(usernamePassword) || !usernamePassword.contains(":") || usernamePassword.split(":").length != 2) throw new AuthenticationException("Invalid authorization token");

String[] credentials = usernamePassword.split(":");
username = credentials[0];
password = credentials[1];

getAuthenticationManager().authenticate(new UsernamePasswordAuthenticationToken(username, password, List.of()));

// Proceed with the request
chain.doFilter(request, response);
}
}
[/code]
А вот мой поставщик аутентификации:
[code]@RequiredArgsConstructor
public class CustomAuthenticationProvider implements AuthenticationProvider {
private final InMemoryUserDetailsManager inMemoryUserDetailsService;
private final PasswordEncoder passwordEncoder;

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = (String) authentication.getPrincipal();
String password = (String) authentication.getCredentials();

UserDetails user = inMemoryUserDetailsService.loadUserByUsername(username);

if(user == null) throw new BadCredentialsException("Invalid credentials");

Authentication authenticationResult = new UsernamePasswordAuthenticationToken(username, password, List.of());

if (passwordEncoder.matches(password, user.getPassword())) {
SecurityContextHolder.getContext().setAuthentication(authenticationResult); // it comes to this line when i debug, so authentication is being done successfully
} else {
throw new BadCredentialsException("Invalid credentials");
}

return authenticationResult;
}

@Override
public boolean supports(Class  authentication) {
return UsernamePasswordAuthenticationToken.class.equals(authentication);
}
}
[/code]
Я отправляю запрос на этот адрес: /api/v1/auth/signup, так что на самом деле не должно быть никакой логики аутентификации, но это уже другая тема, моя основная проблема некоторые пружинные фильтры не распознают (или переопределяют) мою аутентификацию.
Мой запрос почтальона:

полная форма исключения:
[code]org.springframework.security.authentication.InsufficientAuthenticationException:  F u l l   a u t h e n t i c a t i o n   i s   r e q u i r e d   t o   a c c e s s   t h i s   r e s o u r c e < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . a c c e s s . E x c e p t i o n T r a n s l a t i o n F i l t e r . h a n d l e A c c e s s D e n i e d E x c e p t i o n ( E x c e p t i o n T r a n s l a t i o n F i l t e r . j a v a : 1 9 9 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . a c c e s s . E x c e p t i o n T r a n s l a t i o n F i l t e r . h a n d l e S p r i n g S e c u r i t y E x c e p t i o n ( E x c e p t i o n T r a n s l a t i o n F i l t e r . j a v a : 1 7 8 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . a c c e s s . E x c e p t i o n T r a n s l a t i o n F i l t e r . d o F i l t e r ( E x c e p t i o n T r a n s l a t i o n F i l t e r . j a v a : 1 4 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . a c c e s s . E x c e p t i o n T r a n s l a t i o n F i l t e r . d o F i l t e r ( E x c e p t i o n T r a n s l a t i o n F i l t e r . j a v a : 1 2 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . s e s s i o n . S e s s i o n M a n a g e m e n t F i l t e r . d o F i l t e r ( S e s s i o n M a n a g e m e n t F i l t e r . j a v a : 9 1 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . s e s s i o n . S e s s i o n M a n a g e m e n t F i l t e r . d o F i l t e r ( S e s s i o n M a n a g e m e n t F i l t e r . j a v a : 8 5 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . a u t h e n t i c a t i o n . A n o n y m o u s A u t h e n t i c a t i o n F i l t e r . d o F i l t e r ( A n o n y m o u s A u t h e n t i c a t i o n F i l t e r . j a v a : 1 0 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . s e r v l e t a p i . S e c u r i t y C o n t e x t H o l d e r A w a r e R e q u e s t F i l t e r . d o F i l t e r ( S e c u r i t y C o n t e x t H o l d e r A w a r e R e q u e s t F i l t e r . j a v a : 1 7 9 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . s a v e d r e q u e s t . R e q u e s t C a c h e A w a r e F i l t e r . d o F i l t e r ( R e q u e s t C a c h e A w a r e F i l t e r . j a v a : 6 3 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . w e b . f i l t e r . O n c e P e r R e q u e s t F i l t e r . d o F i l t e r ( O n c e P e r R e q u e s t F i l t e r . j a v a : 1 0 1 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . w e b . f i l t e r . O n c e P e r R e q u e s t F i l t e r . d o F i l t e r ( O n c e P e r R e q u e s t F i l t e r . j a v a : 1 0 1 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . a u t h e n t i c a t i o n . l o g o u t . L o g o u t F i l t e r . d o F i l t e r ( L o g o u t F i l t e r . j a v a : 1 0 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . a u t h e n t i c a t i o n . l o g o u t . L o g o u t F i l t e r . d o F i l t e r ( L o g o u t F i l t e r . j a v a : 9 3 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . w e b . f i l t e r . O n c e P e r R e q u e s t F i l t e r . d o F i l t e r ( O n c e P e r R e q u e s t F i l t e r . j a v a : 1 0 1 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . w e b . f i l t e r . O n c e P e r R e q u e s t F i l t e r . d o F i l t e r ( O n c e P e r R e q u e s t F i l t e r . j a v a : 1 0 1 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . c o n t e x t . S e c u r i t y C o n t e x t H o l d e r F i l t e r . d o F i l t e r ( S e c u r i t y C o n t e x t H o l d e r F i l t e r . j a v a : 8 2 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . c o n t e x t . S e c u r i t y C o n t e x t H o l d e r F i l t e r . d o F i l t e r ( S e c u r i t y C o n t e x t H o l d e r F i l t e r . j a v a : 6 9 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t u a l F i l t e r C h a i n . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 1 3 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . w e b . f i l t e r . O n c e P e r R e q u e s t F i l t e r . d o F i l t e r ( O n c e P e r R e q u e s t F i l t e r . j a v a : 1 0 1 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . w r a p F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 4 0 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ O b s e r v a t i o n F i l t e r . d o F i l t e r ( O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r . j a v a : 2 2 7 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . w e b . O b s e r v a t i o n F i l t e r C h a i n D e c o r a t o r $ V i r t ualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
at org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224)
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113)
at org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113)
at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74)
at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:230)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:632)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:410)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:330)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:267)
at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:362)
at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:222)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:151)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:389)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:904)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
at java.base/java.lang.Thread.run(Thread.java:1570)
[/code]
Что я пробовал:
[list]
[*]Используйте DaoAuthenticationProvider,  расширив его из моего CustomAuthenticationProvider

[*]Изменить положение фильтра HttpBasic (я пытался разместить его до или после других фильтров)

[/list]
Чего я ожидаю:
[list]
[*]Если я установлю поле аутентификации контекста безопасности Spring, он должен распознать это и разрешить пароль пользователя в приложении
[/list] 

Подробнее здесь: [url]https://stackoverflow.com/questions/78715665/spring-security-throwing-insufficientauthenticationexception-full-authenticati[/url]