我有一个包含两个组件的Web应用程序,一方面是仪表板,另一方面是REST API。我正在尝试实现与特定URL匹配的不同类型的安全性(网站URL / website / **,其余URL / API / ****)。我坚持将路径配置为与两种类型的安全性相对应。 基于表单的安全性似乎可以正常运行,但OAuth不能正常运行。
对于其余URL,我拒绝访问所有内容,甚至应公开的内容。我首先在没有表单安全性的情况下实现了OAuth,而且效果很好。在其他配置中添加基于表单的安全性之后 我无法进入,无法休息。授权服务器仍然可以正常运行, 我得到了正确发行的代币
任何帮助将不胜感激,这是下面的代码。
表格安全
@Configuration
@Order(1)
public class WebsiteSecurity extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/website/**")
.authorizeRequests()
.antMatchers("/website/login","/website/public").permitAll()
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
.antMatchers("/website/admin/home").hasAuthority("ADMINISTRATOR")
//.antMatchers("/api/**").permitAll()
.anyRequest()
.authenticated()
.and().formLogin()
.loginPage("/website/login")
.loginProcessingUrl("/website/authenticate")
.failureUrl("/website/login?error=true")
.usernameParameter("email")
.passwordParameter("password")
.defaultSuccessUrl("/website/admin/home")
.and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/website/logout"))
.logoutSuccessUrl("/website/login").and().exceptionHandling()
.and()
.sessionManagement()
.invalidSessionUrl("/website/login?expired=true")
;
}
}
REST安全性
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(2)
public class OauthSecurity extends WebSecurityConfigurerAdapter {
@Autowired
private BCryptPasswordEncoder bCryptPasswordEncoder;
@Resource(name = "userService")
private UserDetailsService userDetailsService;
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Autowired
public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService)
.passwordEncoder(bCryptPasswordEncoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
HTTP
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.anonymous().disable()
.authorizeRequests()
.antMatchers("/api/docs").permitAll()
.antMatchers("/api/secured").hasAuthority("ADMINISTRATOR").anyRequest().authenticated();
}
@Bean
public TokenStore tokenStore() {
return new InMemoryTokenStore();
}
@Bean
public BCryptPasswordEncoder encoder(){
return new BCryptPasswordEncoder();
}
@Bean
public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/api/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(0);
return bean;
}
}
资源服务器
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
private static final String RESOURCE_ID = "resource_id";
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId(RESOURCE_ID).stateless(false);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.antMatcher("/api/**")
.anonymous().disable()
.csrf().disable()
.authorizeRequests()
.antMatchers("/api/docs").permitAll()
.antMatchers("/api/secured").authenticated()
.and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
}
}
如果您需要更多信息,请随时询问:D干杯! 编辑1(要求的春季安全调试日志)
使用良好的令牌登录/ api / secured
2018-08-11 17:13:30.995 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token']
2018-08-11 17:13:30.995 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/secured'; against '/oauth/token'
2018-08-11 17:13:30.995 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token_key']
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/secured'; against '/oauth/token_key'
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/check_token']
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/secured'; against '/oauth/check_token'
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/secured'; against '/website/**'
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/secured?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 1 of 9 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/secured?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 2 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/secured?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 3 of 9 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/secured?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 4 of 9 in additional filter chain; firing Filter: 'LogoutFilter'
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/secured'; against '/logout'
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /api/secured' doesn't match 'POST /logout
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /api/secured' doesn't match 'PUT /logout
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /api/secured' doesn't match 'DELETE /logout
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/secured?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 5 of 9 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/secured?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 6 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2018-08-11 17:13:30.996 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/secured?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 7 of 9 in additional filter chain; firing Filter: 'SessionManagementFilter'
2018-08-11 17:13:30.998 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/secured?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2018-08-11 17:13:30.998 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/secured?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2018-08-11 17:13:30.998 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/secured'; against '/api/docs'
2018-08-11 17:13:30.998 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/secured'; against '/api/secured'
2018-08-11 17:13:30.998 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /api/secured?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe; Attributes: [hasAuthority('ADMINISTRATOR')]
2018-08-11 17:13:30.999 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.a.ExceptionTranslationFilter : Authentication exception occurred; redirecting to authentication entry point
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:379) ~[spring-security-core-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:223) ~[spring-security-core-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) ~[spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) ~[spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) [spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) [spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) [spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) [spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) [spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803) [tomcat-embed-core-8.5.31.jar:8.5.31]
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1468) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.31.jar:8.5.31]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_45]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.31.jar:8.5.31]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
2018-08-11 17:13:30.999 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.a.ExceptionTranslationFilter : Calling Authentication entry point.
2018-08-11 17:13:30.999 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.a.Http403ForbiddenEntryPoint : Pre-authenticated entry point called. Rejecting access
2018-08-11 17:13:30.999 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@30e292
2018-08-11 17:13:30.999 DEBUG 16256 --- [nio-8080-exec-6] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token']
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/oauth/token'
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token_key']
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/oauth/token_key'
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/check_token']
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/oauth/check_token'
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/website/**'
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /error?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 1 of 9 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /error?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 2 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /error?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 3 of 9 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /error?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 4 of 9 in additional filter chain; firing Filter: 'LogoutFilter'
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/logout'
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /error' doesn't match 'POST /logout
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /error' doesn't match 'PUT /logout
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /error' doesn't match 'DELETE /logout
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /error?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 5 of 9 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /error?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 6 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /error?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 7 of 9 in additional filter chain; firing Filter: 'SessionManagementFilter'
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /error?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /error?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2018-08-11 17:13:31.000 DEBUG 16256 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /error?access_token=ee7e8e8f-8423-481c-9773-cd97099c5dfe reached end of additional filter chain; proceeding with original chain
2018-08-11 17:13:31.002 DEBUG 16256 --- [nio-8080-exec-6] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2018-08-11 17:13:31.002 DEBUG 16256 --- [nio-8080-exec-6] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed