我有2个过滤器
@WebFilter(urlPatterns = "/rest/*")
public class TokenFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("filtering /rest/* requests");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
System.out.println("Matching /rest/* request");
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
Optional<String> userFromToken = getUserFromToken(request);
if (!userFromToken.isPresent()) {
response.sendError(HttpStatus.UNAUTHORIZED.value());
return;
}
System.out.println("filtered /rest request for " + userFromToken.get());
addAuthentication(response, userFromToken.get());
filterChain.doFilter(servletRequest, response);
}
@Override
public void destroy() {
}
}
和
@WebFilter(urlPatterns = "/login")
public class AppLoginFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("filtering /login/ requests");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
System.out.println("Matching /login/ request");
HttpServletRequest request = (HttpServletRequest) servletRequest;
String idToken = ((HttpServletRequest) servletRequest).getHeader("X-ID-TOKEN");
HttpServletResponse response = (HttpServletResponse) servletResponse;
System.out.println("filtered /login request: " + idToken);
if (idToken != null) {
final Payload payload;
try {
payload = GoogleTokenVerifier.verify(idToken);
if (payload != null) {
// TODO: 5/6/17 get this username from DB (createOrGet)
final String username = "myUniqueUser";
AppTokenProviderAndAuthenticator.addAuthentication(response, username);
filterChain.doFilter(servletRequest, response);
return;
}
} catch (GeneralSecurityException | InvalidTokenException e) {
// This is not a valid token, we will send HTTP 401 back
}
}
((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
@Override
public void destroy() {
}
}
和我的Application
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.servlet.ServletComponentScan;
@ServletComponentScan
@SpringBootApplication
public class ServerApplication {
public static void main(String[] args) {
SpringApplication.run(ServerApplication.class, args);
}
}
当我启动我的应用程序时,我在日志中看到以下内容
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v1.5.3.RELEASE)
2017-05-09 13:28:40.841 INFO 80936 --- [ restartedMain] com.hhimanshu.secure.ServerApplication : Starting ServerApplication on HHimanshu-MBR64.local with PID 80936 (/Users/Harit.Himanshu/IdeaProjects/q2/server/target/classes started by Harit.Himanshu in /Users/Harit.Himanshu/IdeaProjects/q2/server)
2017-05-09 13:28:40.841 INFO 80936 --- [ restartedMain] com.hhimanshu.secure.ServerApplication : No active profile set, falling back to default profiles: default
2017-05-09 13:28:40.887 INFO 80936 --- [ restartedMain] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@4e0339c5: startup date [Tue May 09 13:28:40 NZST 2017]; root of context hierarchy
2017-05-09 13:28:41.787 INFO 80936 --- [ restartedMain] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 8080 (http)
2017-05-09 13:28:41.793 INFO 80936 --- [ restartedMain] o.apache.catalina.core.StandardService : Starting service Tomcat
2017-05-09 13:28:41.794 INFO 80936 --- [ restartedMain] org.apache.catalina.core.StandardEngine : Starting Servlet Engine: Apache Tomcat/8.5.14
2017-05-09 13:28:41.838 INFO 80936 --- [ost-startStop-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2017-05-09 13:28:41.838 INFO 80936 --- [ost-startStop-1] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 954 ms
2017-05-09 13:28:41.931 INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'characterEncodingFilter' to: [/*]
2017-05-09 13:28:41.931 INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
2017-05-09 13:28:41.931 INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'httpPutFormContentFilter' to: [/*]
2017-05-09 13:28:41.931 INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'requestContextFilter' to: [/*]
2017-05-09 13:28:41.932 INFO 80936 --- [ost-startStop-1] .s.DelegatingFilterProxyRegistrationBean : Mapping filter: 'springSecurityFilterChain' to: [/*]
2017-05-09 13:28:41.932 INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'com.hhimanshu.secure.auth.filters.AppLoginFilter' to urls: [/login]
2017-05-09 13:28:41.932 INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'com.hhimanshu.secure.auth.filters.TokenFilter' to urls: [/rest/*]
2017-05-09 13:28:41.932 INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.ServletRegistrationBean : Mapping servlet: 'dispatcherServlet' to [/]
filtering /login/ requests
filtering /rest/* requests
2017-05-09 13:28:42.089 INFO 80936 --- [ restartedMain] s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@4e0339c5: startup date [Tue May 09 13:28:40 NZST 2017]; root of context hierarchy
2017-05-09 13:28:42.120 INFO 80936 --- [ restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/rest/hello],methods=[GET]}" onto public java.lang.String com.hhimanshu.secure.api.HelloWorld.sayHello()
2017-05-09 13:28:42.120 INFO 80936 --- [ restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/login],methods=[POST]}" onto public void com.hhimanshu.secure.api.Login.authenticate()
2017-05-09 13:28:42.123 INFO 80936 --- [ restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
2017-05-09 13:28:42.123 INFO 80936 --- [ restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2017-05-09 13:28:42.141 INFO 80936 --- [ restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-09 13:28:42.142 INFO 80936 --- [ restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-09 13:28:42.164 INFO 80936 --- [ restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-09 13:28:42.175 INFO 80936 --- [ restartedMain] oConfiguration$WelcomePageHandlerMapping : Adding welcome page: class path resource [static/index.html]
2017-05-09 13:28:42.278 INFO 80936 --- [ restartedMain] b.a.s.AuthenticationManagerConfiguration :
Using default security password: d1915adb-5af3-48a2-b716-a87141be0fed
2017-05-09 13:28:42.305 INFO 80936 --- [ restartedMain] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/css/**'], Ant [pattern='/js/**'], Ant [pattern='/images/**'], Ant [pattern='/webjars/**'], Ant [pattern='/**/favicon.ico'], Ant [pattern='/error']]], []
2017-05-09 13:28:42.349 INFO 80936 --- [ restartedMain] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/**']]], [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1142b9af, org.springframework.security.web.context.SecurityContextPersistenceFilter@23f70e9, org.springframework.security.web.header.HeaderWriterFilter@476d93e7, org.springframework.security.web.authentication.logout.LogoutFilter@5e7064a4, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@605326d1, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@4a058da6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4b32f03e, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@3a8a09e6, org.springframework.security.web.session.SessionManagementFilter@6a816ad4, org.springframework.security.web.access.ExceptionTranslationFilter@2ab3c6b5, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@474d7d8f]
2017-05-09 13:28:42.389 INFO 80936 --- [ restartedMain] o.s.b.d.a.OptionalLiveReloadServer : LiveReload server is running on port 35729
2017-05-09 13:28:42.425 INFO 80936 --- [ restartedMain] o.s.j.e.a.AnnotationMBeanExporter : Registering beans for JMX exposure on startup
2017-05-09 13:28:42.464 INFO 80936 --- [ restartedMain] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (http)
2017-05-09 13:28:42.468 INFO 80936 --- [ restartedMain] com.hhimanshu.secure.ServerApplication : Started ServerApplication in 1.779 seconds (JVM running for 2.088)
2017-05-09 13:28:47.546 INFO 80936 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring FrameworkServlet 'dispatcherServlet'
2017-05-09 13:28:47.546 INFO 80936 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
2017-05-09 13:28:47.556 INFO 80936 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 10 ms
因此,当我点击URL
时,bean已注册curl -v -H "Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJteVVuaXF1ZVVzZXIiLCJleHAiOjE0OTUwMDA3NjV9.B4Ax_BIkrW044rwVnN-qvLcT9r0JzP4VCECjExp3yTFqv4STNmEiG4LNBHU-BXjAOSgt9xuLV7LhVXPKLYApbQ" http://localhost:8080/rest/hello
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> GET /rest/hello HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
> Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJteVVuaXF1ZVVzZXIiLCJleHAiOjE0OTUwMDA3NjV9.B4Ax_BIkrW044rwVnN-qvLcT9r0JzP4VCECjExp3yTFqv4STNmEiG4LNBHU-BXjAOSgt9xuLV7LhVXPKLYApbQ
>
< HTTP/1.1 401
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains
< WWW-Authenticate: Basic realm="Spring"
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Tue, 09 May 2017 01:28:47 GMT
<
* Connection #0 to host localhost left intact
{"timestamp":1494293327580,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource","path":"/rest/hello"}
/rest/*中所述,它们不会被TokenFilter模式拦截。
此外,我的静态资源在身份验证后被过滤(我不想要)
✗ curl -v http://localhost:8080/
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 401
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains
< WWW-Authenticate: Basic realm="Spring"
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Tue, 09 May 2017 01:28:54 GMT
<
* Connection #0 to host localhost left intact
{"timestamp":1494293334189,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource","path":"/"}% ➜ server git:(jwt) ✗
我在哪里弄错了?
答案 0 :(得分:5)
这就是我解决它的方式
将WebSecurityConfig添加为
@EnableWebSecurity //(debug = true) // when you want to see what filters are applied
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers("/css/**", "/js/**", "/images/**", "/static/**", "/**/favicon.ico").permitAll()
.antMatchers(HttpMethod.POST, "/login").permitAll()
.antMatchers("/rest/*").permitAll()
.antMatchers("/").permitAll()
.anyRequest().authenticated();
}
}
然后添加过滤器
package com.hhimanshu.secure.auth.filters;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
import com.hhimanshu.secure.auth.AppTokenProviderAndAuthenticator;
import com.hhimanshu.secure.auth.GoogleTokenVerifier;
import com.hhimanshu.secure.common.InvalidTokenException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class LoginFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("init /login filter");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
String idToken = ((HttpServletRequest) servletRequest).getHeader("X-ID-TOKEN");
HttpServletResponse response = (HttpServletResponse) servletResponse;
System.out.println("filtered /login request: " + idToken);
if (idToken != null) {
final Payload payload;
try {
payload = GoogleTokenVerifier.verify(idToken);
if (payload != null) {
// TODO: 5/6/17 get this username from DB (createOrGet)
String username = "myUniqueUser";
AppTokenProviderAndAuthenticator.addAuthentication(response, username);
filterChain.doFilter(servletRequest, response);
return;
}
} catch (GeneralSecurityException | InvalidTokenException e) {
// This is not a valid token, we will send HTTP 401 back
}
}
((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
@Override
public void destroy() {
}
}
和
package com.hhimanshu.secure.auth.filters;
import static com.hhimanshu.secure.auth.AppTokenProviderAndAuthenticator.addAuthentication;
import static com.hhimanshu.secure.auth.AppTokenProviderAndAuthenticator.getUserFromToken;
import java.io.IOException;
import java.util.Optional;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
@Component
public class RestFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("init /rest/* filter");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
System.out.println("Token Filter pathInfo:" + request.getRequestURI());
Optional<String> userFromToken = getUserFromToken(request);
if (!userFromToken.isPresent()) {
response.sendError(HttpStatus.UNAUTHORIZED.value());
return;
}
addAuthentication(response, userFromToken.get());
filterChain.doFilter(request, servletResponse);
}
@Override
public void destroy() {
}
}
并将过滤器注册为
package com.hhimanshu.secure.auth.filters;
import java.util.Collections;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class Filters {
@Bean
public FilterRegistrationBean loginRegistrationBean() {
System.out.println("Setting up loginRegistrationBean");
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setFilter(new LoginFilter());
filterRegistrationBean.setUrlPatterns(Collections.singletonList("/login/*"));
return filterRegistrationBean;
}
@Bean
public FilterRegistrationBean restRegistrationBean() {
System.out.println("Setting up restRegistrationBean");
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setFilter(new RestFilter());
filterRegistrationBean.setUrlPatterns(Collections.singletonList("/rest/*"));
return filterRegistrationBean;
}
}
然后它开始工作
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v1.5.3.RELEASE)
2017-05-09 15:32:42.551 INFO 88944 --- [ restartedMain] com.hhimanshu.secure.ServerApplication : Starting ServerApplication on HHimanshu-MBR64.local with PID 88944 (/Users/Harit.Himanshu/IdeaProjects/q2/server/target/classes started by Harit.Himanshu in /Users/Harit.Himanshu/IdeaProjects/q2/server)
2017-05-09 15:32:42.553 INFO 88944 --- [ restartedMain] com.hhimanshu.secure.ServerApplication : No active profile set, falling back to default profiles: default
2017-05-09 15:32:42.613 INFO 88944 --- [ restartedMain] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@5164cfb9: startup date [Tue May 09 15:32:42 NZST 2017]; root of context hierarchy
2017-05-09 15:32:43.472 INFO 88944 --- [ restartedMain] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 8080 (http)
2017-05-09 15:32:43.480 INFO 88944 --- [ restartedMain] o.apache.catalina.core.StandardService : Starting service Tomcat
2017-05-09 15:32:43.481 INFO 88944 --- [ restartedMain] org.apache.catalina.core.StandardEngine : Starting Servlet Engine: Apache Tomcat/8.5.14
2017-05-09 15:32:43.524 INFO 88944 --- [ost-startStop-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2017-05-09 15:32:43.525 INFO 88944 --- [ost-startStop-1] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 914 ms
Setting up loginRegistrationBean
Setting up restRegistrationBean
2017-05-09 15:32:43.622 INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'characterEncodingFilter' to: [/*]
2017-05-09 15:32:43.623 INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
2017-05-09 15:32:43.623 INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'httpPutFormContentFilter' to: [/*]
2017-05-09 15:32:43.623 INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'requestContextFilter' to: [/*]
2017-05-09 15:32:43.624 INFO 88944 --- [ost-startStop-1] .s.DelegatingFilterProxyRegistrationBean : Mapping filter: 'springSecurityFilterChain' to: [/*]
2017-05-09 15:32:43.624 INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'loginFilter' to urls: [/login/*]
2017-05-09 15:32:43.624 INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'restFilter' to urls: [/rest/*]
2017-05-09 15:32:43.624 INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Filter restFilter was not registered (possibly already registered?)
2017-05-09 15:32:43.624 INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.ServletRegistrationBean : Mapping servlet: 'dispatcherServlet' to [/]
init /login filter
init /rest/* filter
2017-05-09 15:32:43.830 INFO 88944 --- [ restartedMain] b.a.s.AuthenticationManagerConfiguration :
Using default security password: b5705a6c-418d-44b1-8ec0-04d1094693f8
2017-05-09 15:32:43.911 INFO 88944 --- [ restartedMain] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@4494ada7, org.springframework.security.web.context.SecurityContextPersistenceFilter@155437e7, org.springframework.security.web.header.HeaderWriterFilter@1e35a1a1, org.springframework.security.web.authentication.logout.LogoutFilter@5f1a3502, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2f5ae09c, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@244b340d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@66f2d458, org.springframework.security.web.session.SessionManagementFilter@76507fe1, org.springframework.security.web.access.ExceptionTranslationFilter@74272ac7, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@3619c72b]
2017-05-09 15:32:43.965 INFO 88944 --- [ restartedMain] s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@5164cfb9: startup date [Tue May 09 15:32:42 NZST 2017]; root of context hierarchy
2017-05-09 15:32:43.997 INFO 88944 --- [ restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/rest/hello],methods=[GET]}" onto public java.lang.String com.hhimanshu.secure.api.HelloWorldService.sayHello()
2017-05-09 15:32:43.998 INFO 88944 --- [ restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/login],methods=[POST]}" onto public void com.hhimanshu.secure.api.LoginService.authenticate()
2017-05-09 15:32:43.999 INFO 88944 --- [ restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/rest/tweets],methods=[GET]}" onto public java.lang.String com.hhimanshu.secure.api.TweetsService.tweets()
2017-05-09 15:32:44.002 INFO 88944 --- [ restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
2017-05-09 15:32:44.003 INFO 88944 --- [ restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2017-05-09 15:32:44.022 INFO 88944 --- [ restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-09 15:32:44.022 INFO 88944 --- [ restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-09 15:32:44.044 INFO 88944 --- [ restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-09 15:32:44.058 INFO 88944 --- [ restartedMain] oConfiguration$WelcomePageHandlerMapping : Adding welcome page: class path resource [static/index.html]
2017-05-09 15:32:44.117 INFO 88944 --- [ restartedMain] o.s.b.d.a.OptionalLiveReloadServer : LiveReload server is running on port 35729
2017-05-09 15:32:44.150 INFO 88944 --- [ restartedMain] o.s.j.e.a.AnnotationMBeanExporter : Registering beans for JMX exposure on startup
2017-05-09 15:32:44.188 INFO 88944 --- [ restartedMain] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (http)
2017-05-09 15:32:44.192 INFO 88944 --- [ restartedMain] com.hhimanshu.secure.ServerApplication : Started ServerApplication in 2.112 seconds (JVM running for 2.425)
2017-05-09 15:32:49.114 INFO 88944 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring FrameworkServlet 'dispatcherServlet'
2017-05-09 15:32:49.114 INFO 88944 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
2017-05-09 15:32:49.123 INFO 88944 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 9 ms
Token Filter pathInfo:/rest/goobar
filtered /login request: eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.eyJhenAiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDAyMTY2OTY4MzI0NzA0MzE1MDciLCJlbWFpbCI6Imhhcml0LnN1YnNjcmlwdGlvbnNAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJ2UHItSWR5MGc2TDlQTzZ0V1UtdFBBIiwiaXNzIjoiYWNjb3VudHMuZ29vZ2xlLmNvbSIsImlhdCI6MTQ5NDI5NjQ3MSwiZXhwIjoxNDk0MzAwMDcxLCJuYW1lIjoiSGFyaXQgSGltYW5zaHUiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDQuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1fbFhqMk9VbVRuZy9BQUFBQUFBQUFBSS9BQUFBQUFBQUFDTS9YYU5jMTJadGV5OC9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiSGFyaXQiLCJmYW1pbHlfbmFtZSI6IkhpbWFuc2h1IiwibG9jYWxlIjoiZW4ifQ.kU6tkNvfqaWrcj6UhptCHT8_JzP89wM_GdRFeqwgr3mbZCaT_k_lV3TbYbV-m_yBXQcTUe0vmxLYrpF2myJevSczK3jVTHpFM2xdQsN0Vxi9JgLIChpoKBDLQIcFyacOYq2UGXQzOq1atEjqNoXeaPEsKYk9E2coGEJZ0RQmthnJ0GtNMnZlF_djds_yV0LSOjbeWPS2gCGjk__WFsSr8rBWh9xG8hoBBY8E94k4zPVzEgb18UhN3_ghrOV30j7UVGETSkFIaQeL0oJ6KEptY_O-kjCQgdy_Ji0GH7OIQ9bqG4UjgEDUbVqC97X1s5QcHQ19rjE8RbA3sPL2zQT5qw
validating:eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.eyJhenAiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDAyMTY2OTY4MzI0NzA0MzE1MDciLCJlbWFpbCI6Imhhcml0LnN1YnNjcmlwdGlvbnNAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJ2UHItSWR5MGc2TDlQTzZ0V1UtdFBBIiwiaXNzIjoiYWNjb3VudHMuZ29vZ2xlLmNvbSIsImlhdCI6MTQ5NDI5NjQ3MSwiZXhwIjoxNDk0MzAwMDcxLCJuYW1lIjoiSGFyaXQgSGltYW5zaHUiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDQuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1fbFhqMk9VbVRuZy9BQUFBQUFBQUFBSS9BQUFBQUFBQUFDTS9YYU5jMTJadGV5OC9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiSGFyaXQiLCJmYW1pbHlfbmFtZSI6IkhpbWFuc2h1IiwibG9jYWxlIjoiZW4ifQ.kU6tkNvfqaWrcj6UhptCHT8_JzP89wM_GdRFeqwgr3mbZCaT_k_lV3TbYbV-m_yBXQcTUe0vmxLYrpF2myJevSczK3jVTHpFM2xdQsN0Vxi9JgLIChpoKBDLQIcFyacOYq2UGXQzOq1atEjqNoXeaPEsKYk9E2coGEJZ0RQmthnJ0GtNMnZlF_djds_yV0LSOjbeWPS2gCGjk__WFsSr8rBWh9xG8hoBBY8E94k4zPVzEgb18UhN3_ghrOV30j7UVGETSkFIaQeL0oJ6KEptY_O-kjCQgdy_Ji0GH7OIQ9bqG4UjgEDUbVqC97X1s5QcHQ19rjE8RbA3sPL2zQT5qw
Token Filter pathInfo:/rest/tweets
filtered /login request: eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.eyJhenAiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDAyMTY2OTY4MzI0NzA0MzE1MDciLCJlbWFpbCI6Imhhcml0LnN1YnNjcmlwdGlvbnNAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJ2UHItSWR5MGc2TDlQTzZ0V1UtdFBBIiwiaXNzIjoiYWNjb3VudHMuZ29vZ2xlLmNvbSIsImlhdCI6MTQ5NDI5NjQ3MSwiZXhwIjoxNDk0MzAwMDcxLCJuYW1lIjoiSGFyaXQgSGltYW5zaHUiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDQuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1fbFhqMk9VbVRuZy9BQUFBQUFBQUFBSS9BQUFBQUFBQUFDTS9YYU5jMTJadGV5OC9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiSGFyaXQiLCJmYW1pbHlfbmFtZSI6IkhpbWFuc2h1IiwibG9jYWxlIjoiZW4ifQ.kU6tkNvfqaWrcj6UhptCHT8_JzP89wM_GdRFeqwgr3mbZCaT_k_lV3TbYbV-m_yBXQcTUe0vmxLYrpF2myJevSczK3jVTHpFM2xdQsN0Vxi9JgLIChpoKBDLQIcFyacOYq2UGXQzOq1atEjqNoXeaPEsKYk9E2coGEJZ0RQmthnJ0GtNMnZlF_djds_yV0LSOjbeWPS2gCGjk__WFsSr8rBWh9xG8hoBBY8E94k4zPVzEgb18UhN3_ghrOV30j7UVGETSkFIaQeL0oJ6KEptY_O-kjCQgdy_Ji0GH7OIQ9bqG4UjgEDUbVqC97X1s5QcHQ19rjE8RbA3sPL2zQT5q
validating:eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.eyJhenAiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDAyMTY2OTY4MzI0NzA0MzE1MDciLCJlbWFpbCI6Imhhcml0LnN1YnNjcmlwdGlvbnNAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJ2UHItSWR5MGc2TDlQTzZ0V1UtdFBBIiwiaXNzIjoiYWNjb3VudHMuZ29vZ2xlLmNvbSIsImlhdCI6MTQ5NDI5NjQ3MSwiZXhwIjoxNDk0MzAwMDcxLCJuYW1lIjoiSGFyaXQgSGltYW5zaHUiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDQuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1fbFhqMk9VbVRuZy9BQUFBQUFBQUFBSS9BQUFBQUFBQUFDTS9YYU5jMTJadGV5OC9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiSGFyaXQiLCJmYW1pbHlfbmFtZSI6IkhpbWFuc2h1IiwibG9jYWxlIjoiZW4ifQ.kU6tkNvfqaWrcj6UhptCHT8_JzP89wM_GdRFeqwgr3mbZCaT_k_lV3TbYbV-m_yBXQcTUe0vmxLYrpF2myJevSczK3jVTHpFM2xdQsN0Vxi9JgLIChpoKBDLQIcFyacOYq2UGXQzOq1atEjqNoXeaPEsKYk9E2coGEJZ0RQmthnJ0GtNMnZlF_djds_yV0LSOjbeWPS2gCGjk__WFsSr8rBWh9xG8hoBBY8E94k4zPVzEgb18UhN3_ghrOV30j7UVGETSkFIaQeL0oJ6KEptY_O-kjCQgdy_Ji0GH7OIQ9bqG4UjgEDUbVqC97X1s5QcHQ19rjE8RbA3sPL2zQT5q
Token Filter pathInfo:/rest/hello
filtered /login request: eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.eyJhenAiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDAyMTY2OTY4MzI0NzA0MzE1MDciLCJlbWFpbCI6Imhhcml0LnN1YnNjcmlwdGlvbnNAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJ3VU1RcG9DemRfYm9jaEJEMjBlYkhRIiwiaXNzIjoiYWNjb3VudHMuZ29vZ2xlLmNvbSIsImlhdCI6MTQ5NDI3Nzg2NSwiZXhwIjoxNDk0MjgxNDY1LCJuYW1lIjoiSGFyaXQgSGltYW5zaHUiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDQuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1fbFhqMk9VbVRuZy9BQUFBQUFBQUFBSS9BQUFBQUFBQUFDTS9YYU5jMTJadGV5OC9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiSGFyaXQiLCJmYW1pbHlfbmFtZSI6IkhpbWFuc2h1IiwibG9jYWxlIjoiZW4ifQ.hQSvNFuh7MBNhHjpmAT40xi43Siyz2xF6j1kQ2cvvc-sB-5wDDgHOfKJFzvktYUQrT0Vso-d9Vdq4gmLyfwGBfWEkj1dNNZIn5IE4RWG4gKYrQkT2iDDI_9d1QyqYNPmdgP_RGlszMoL4Le5s1QXMU9p-Uj39-2dIwD2ska-n3ebH7fPv1iBkCOibnbuCtadn5NqTmJ-NtJ5nRhXNyiuK3QNV83g2w17cDnZF_s2pNLHPNWaciuJpqiVOhzS_3l4OL82yYv0O7vKc8wOjwz8B8izyCh-oI3wGe7puFqrsf_Sl2WMKrm4B7pc20x3XuaKgGLdRaIXpwSS8sh8jMHiaA
validating:eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.eyJhenAiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDAyMTY2OTY4MzI0NzA0MzE1MDciLCJlbWFpbCI6Imhhcml0LnN1YnNjcmlwdGlvbnNAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJ3VU1RcG9DemRfYm9jaEJEMjBlYkhRIiwiaXNzIjoiYWNjb3VudHMuZ29vZ2xlLmNvbSIsImlhdCI6MTQ5NDI3Nzg2NSwiZXhwIjoxNDk0MjgxNDY1LCJuYW1lIjoiSGFyaXQgSGltYW5zaHUiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDQuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1fbFhqMk9VbVRuZy9BQUFBQUFBQUFBSS9BQUFBQUFBQUFDTS9YYU5jMTJadGV5OC9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiSGFyaXQiLCJmYW1pbHlfbmFtZSI6IkhpbWFuc2h1IiwibG9jYWxlIjoiZW4ifQ.hQSvNFuh7MBNhHjpmAT40xi43Siyz2xF6j1kQ2cvvc-sB-5wDDgHOfKJFzvktYUQrT0Vso-d9Vdq4gmLyfwGBfWEkj1dNNZIn5IE4RWG4gKYrQkT2iDDI_9d1QyqYNPmdgP_RGlszMoL4Le5s1QXMU9p-Uj39-2dIwD2ska-n3ebH7fPv1iBkCOibnbuCtadn5NqTmJ-NtJ5nRhXNyiuK3QNV83g2w17cDnZF_s2pNLHPNWaciuJpqiVOhzS_3l4OL82yYv0O7vKc8wOjwz8B8izyCh-oI3wGe7puFqrsf_Sl2WMKrm4B7pc20x3XuaKgGLdRaIXpwSS8sh8jMHiaA