Spring启动自定义筛选器无法正常工作

时间:2017-05-09 01:36:32

标签: java spring spring-boot spring-security filter

我有2个过滤器

@WebFilter(urlPatterns = "/rest/*")
public class TokenFilter implements Filter {

  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
    System.out.println("filtering /rest/* requests");
  }

  @Override
  public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
      FilterChain filterChain) throws IOException, ServletException {
    System.out.println("Matching /rest/* request");

    HttpServletRequest request = (HttpServletRequest) servletRequest;

    HttpServletResponse response = (HttpServletResponse) servletResponse;
    Optional<String> userFromToken = getUserFromToken(request);

    if (!userFromToken.isPresent()) {
      response.sendError(HttpStatus.UNAUTHORIZED.value());
      return;
    }

    System.out.println("filtered /rest request for " + userFromToken.get());
    addAuthentication(response, userFromToken.get());
    filterChain.doFilter(servletRequest, response);
  }

  @Override
  public void destroy() {

  }
}

@WebFilter(urlPatterns = "/login")
public class AppLoginFilter implements Filter {



  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
    System.out.println("filtering /login/ requests");
  }

  @Override
  public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
      FilterChain filterChain) throws IOException, ServletException {
    System.out.println("Matching /login/ request");

    HttpServletRequest request = (HttpServletRequest) servletRequest;

    String idToken = ((HttpServletRequest) servletRequest).getHeader("X-ID-TOKEN");
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    System.out.println("filtered /login request: " + idToken);

    if (idToken != null) {
      final Payload payload;
      try {
        payload = GoogleTokenVerifier.verify(idToken);
        if (payload != null) {
          // TODO: 5/6/17 get this username from DB (createOrGet)
          final String username = "myUniqueUser";
          AppTokenProviderAndAuthenticator.addAuthentication(response, username);
          filterChain.doFilter(servletRequest, response);
          return;
        }
      } catch (GeneralSecurityException | InvalidTokenException e) {
        // This is not a valid token, we will send HTTP 401 back
      }
    }
    ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED);
  }

  @Override
  public void destroy() {

  }
}

和我的Application

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.servlet.ServletComponentScan;

@ServletComponentScan
@SpringBootApplication
public class ServerApplication {
  public static void main(String[] args) {
    SpringApplication.run(ServerApplication.class, args);
  }
}

当我启动我的应用程序时,我在日志中看到以下内容

 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v1.5.3.RELEASE)

2017-05-09 13:28:40.841  INFO 80936 --- [  restartedMain] com.hhimanshu.secure.ServerApplication   : Starting ServerApplication on HHimanshu-MBR64.local with PID 80936 (/Users/Harit.Himanshu/IdeaProjects/q2/server/target/classes started by Harit.Himanshu in /Users/Harit.Himanshu/IdeaProjects/q2/server)
2017-05-09 13:28:40.841  INFO 80936 --- [  restartedMain] com.hhimanshu.secure.ServerApplication   : No active profile set, falling back to default profiles: default
2017-05-09 13:28:40.887  INFO 80936 --- [  restartedMain] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@4e0339c5: startup date [Tue May 09 13:28:40 NZST 2017]; root of context hierarchy
2017-05-09 13:28:41.787  INFO 80936 --- [  restartedMain] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 8080 (http)
2017-05-09 13:28:41.793  INFO 80936 --- [  restartedMain] o.apache.catalina.core.StandardService   : Starting service Tomcat
2017-05-09 13:28:41.794  INFO 80936 --- [  restartedMain] org.apache.catalina.core.StandardEngine  : Starting Servlet Engine: Apache Tomcat/8.5.14
2017-05-09 13:28:41.838  INFO 80936 --- [ost-startStop-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2017-05-09 13:28:41.838  INFO 80936 --- [ost-startStop-1] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 954 ms
2017-05-09 13:28:41.931  INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'characterEncodingFilter' to: [/*]
2017-05-09 13:28:41.931  INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
2017-05-09 13:28:41.931  INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'httpPutFormContentFilter' to: [/*]
2017-05-09 13:28:41.931  INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'requestContextFilter' to: [/*]
2017-05-09 13:28:41.932  INFO 80936 --- [ost-startStop-1] .s.DelegatingFilterProxyRegistrationBean : Mapping filter: 'springSecurityFilterChain' to: [/*]
2017-05-09 13:28:41.932  INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'com.hhimanshu.secure.auth.filters.AppLoginFilter' to urls: [/login]
2017-05-09 13:28:41.932  INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'com.hhimanshu.secure.auth.filters.TokenFilter' to urls: [/rest/*]
2017-05-09 13:28:41.932  INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.ServletRegistrationBean  : Mapping servlet: 'dispatcherServlet' to [/]
filtering /login/ requests
filtering /rest/* requests
2017-05-09 13:28:42.089  INFO 80936 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@4e0339c5: startup date [Tue May 09 13:28:40 NZST 2017]; root of context hierarchy
2017-05-09 13:28:42.120  INFO 80936 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/rest/hello],methods=[GET]}" onto public java.lang.String com.hhimanshu.secure.api.HelloWorld.sayHello()
2017-05-09 13:28:42.120  INFO 80936 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/login],methods=[POST]}" onto public void com.hhimanshu.secure.api.Login.authenticate()
2017-05-09 13:28:42.123  INFO 80936 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
2017-05-09 13:28:42.123  INFO 80936 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2017-05-09 13:28:42.141  INFO 80936 --- [  restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-09 13:28:42.142  INFO 80936 --- [  restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-09 13:28:42.164  INFO 80936 --- [  restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-09 13:28:42.175  INFO 80936 --- [  restartedMain] oConfiguration$WelcomePageHandlerMapping : Adding welcome page: class path resource [static/index.html]
2017-05-09 13:28:42.278  INFO 80936 --- [  restartedMain] b.a.s.AuthenticationManagerConfiguration : 

Using default security password: d1915adb-5af3-48a2-b716-a87141be0fed

2017-05-09 13:28:42.305  INFO 80936 --- [  restartedMain] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/css/**'], Ant [pattern='/js/**'], Ant [pattern='/images/**'], Ant [pattern='/webjars/**'], Ant [pattern='/**/favicon.ico'], Ant [pattern='/error']]], []
2017-05-09 13:28:42.349  INFO 80936 --- [  restartedMain] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/**']]], [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1142b9af, org.springframework.security.web.context.SecurityContextPersistenceFilter@23f70e9, org.springframework.security.web.header.HeaderWriterFilter@476d93e7, org.springframework.security.web.authentication.logout.LogoutFilter@5e7064a4, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@605326d1, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@4a058da6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4b32f03e, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@3a8a09e6, org.springframework.security.web.session.SessionManagementFilter@6a816ad4, org.springframework.security.web.access.ExceptionTranslationFilter@2ab3c6b5, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@474d7d8f]
2017-05-09 13:28:42.389  INFO 80936 --- [  restartedMain] o.s.b.d.a.OptionalLiveReloadServer       : LiveReload server is running on port 35729
2017-05-09 13:28:42.425  INFO 80936 --- [  restartedMain] o.s.j.e.a.AnnotationMBeanExporter        : Registering beans for JMX exposure on startup
2017-05-09 13:28:42.464  INFO 80936 --- [  restartedMain] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (http)
2017-05-09 13:28:42.468  INFO 80936 --- [  restartedMain] com.hhimanshu.secure.ServerApplication   : Started ServerApplication in 1.779 seconds (JVM running for 2.088)
2017-05-09 13:28:47.546  INFO 80936 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring FrameworkServlet 'dispatcherServlet'
2017-05-09 13:28:47.546  INFO 80936 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization started
2017-05-09 13:28:47.556  INFO 80936 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization completed in 10 ms

因此,当我点击URL

时,bean已注册
curl -v -H "Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJteVVuaXF1ZVVzZXIiLCJleHAiOjE0OTUwMDA3NjV9.B4Ax_BIkrW044rwVnN-qvLcT9r0JzP4VCECjExp3yTFqv4STNmEiG4LNBHU-BXjAOSgt9xuLV7LhVXPKLYApbQ" http://localhost:8080/rest/hello
*   Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> GET /rest/hello HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
> Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJteVVuaXF1ZVVzZXIiLCJleHAiOjE0OTUwMDA3NjV9.B4Ax_BIkrW044rwVnN-qvLcT9r0JzP4VCECjExp3yTFqv4STNmEiG4LNBHU-BXjAOSgt9xuLV7LhVXPKLYApbQ
>
< HTTP/1.1 401
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains
< WWW-Authenticate: Basic realm="Spring"
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Tue, 09 May 2017 01:28:47 GMT
<
* Connection #0 to host localhost left intact
{"timestamp":1494293327580,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource","path":"/rest/hello"}
/rest/*中所述,它们不会被TokenFilter模式拦截。

此外,我的静态资源在身份验证后被过滤(我不想要)

✗ curl -v http://localhost:8080/
*   Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 401
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains
< WWW-Authenticate: Basic realm="Spring"
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Tue, 09 May 2017 01:28:54 GMT
<
* Connection #0 to host localhost left intact
{"timestamp":1494293334189,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource","path":"/"}%                                                           ➜  server git:(jwt) ✗

我在哪里弄错了?

1 个答案:

答案 0 :(得分:5)

这就是我解决它的方式

WebSecurityConfig添加为

@EnableWebSecurity //(debug = true) // when you want to see what filters are applied
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  public void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests()
        .antMatchers("/css/**", "/js/**", "/images/**", "/static/**", "/**/favicon.ico").permitAll()
        .antMatchers(HttpMethod.POST, "/login").permitAll()
        .antMatchers("/rest/*").permitAll()
        .antMatchers("/").permitAll()
        .anyRequest().authenticated();
  }
}

然后添加过滤器

package com.hhimanshu.secure.auth.filters;

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
import com.hhimanshu.secure.auth.AppTokenProviderAndAuthenticator;
import com.hhimanshu.secure.auth.GoogleTokenVerifier;
import com.hhimanshu.secure.common.InvalidTokenException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginFilter implements Filter {

  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
    System.out.println("init /login filter");
  }

  @Override
  public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
      FilterChain filterChain) throws IOException, ServletException {

    String idToken = ((HttpServletRequest) servletRequest).getHeader("X-ID-TOKEN");
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    System.out.println("filtered /login request: " + idToken);

    if (idToken != null) {
      final Payload payload;
      try {
        payload = GoogleTokenVerifier.verify(idToken);
        if (payload != null) {
          // TODO: 5/6/17 get this username from DB (createOrGet)
          String username = "myUniqueUser";
          AppTokenProviderAndAuthenticator.addAuthentication(response, username);
          filterChain.doFilter(servletRequest, response);
          return;
        }
      } catch (GeneralSecurityException | InvalidTokenException e) {
        // This is not a valid token, we will send HTTP 401 back
      }
    }
    ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED);
  }

  @Override
  public void destroy() {
  }
}

package com.hhimanshu.secure.auth.filters;

import static com.hhimanshu.secure.auth.AppTokenProviderAndAuthenticator.addAuthentication;
import static com.hhimanshu.secure.auth.AppTokenProviderAndAuthenticator.getUserFromToken;

import java.io.IOException;
import java.util.Optional;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;

@Component
public class RestFilter implements Filter {

  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
    System.out.println("init /rest/* filter");
  }

  @Override
  public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
      FilterChain filterChain) throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;

    System.out.println("Token Filter pathInfo:" + request.getRequestURI());

    Optional<String> userFromToken = getUserFromToken(request);
    if (!userFromToken.isPresent()) {
      response.sendError(HttpStatus.UNAUTHORIZED.value());
      return;
    }

    addAuthentication(response, userFromToken.get());
    filterChain.doFilter(request, servletResponse);
  }

  @Override
  public void destroy() {
  }
}

并将过滤器注册为

package com.hhimanshu.secure.auth.filters;

import java.util.Collections;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class Filters {

  @Bean
  public FilterRegistrationBean loginRegistrationBean() {
    System.out.println("Setting up loginRegistrationBean");
    FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
    filterRegistrationBean.setFilter(new LoginFilter());
    filterRegistrationBean.setUrlPatterns(Collections.singletonList("/login/*"));
    return filterRegistrationBean;
  }

  @Bean
  public FilterRegistrationBean restRegistrationBean() {
    System.out.println("Setting up restRegistrationBean");
    FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
    filterRegistrationBean.setFilter(new RestFilter());
    filterRegistrationBean.setUrlPatterns(Collections.singletonList("/rest/*"));
    return filterRegistrationBean;
  }
}

然后它开始工作

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v1.5.3.RELEASE)

2017-05-09 15:32:42.551  INFO 88944 --- [  restartedMain] com.hhimanshu.secure.ServerApplication   : Starting ServerApplication on HHimanshu-MBR64.local with PID 88944 (/Users/Harit.Himanshu/IdeaProjects/q2/server/target/classes started by Harit.Himanshu in /Users/Harit.Himanshu/IdeaProjects/q2/server)
2017-05-09 15:32:42.553  INFO 88944 --- [  restartedMain] com.hhimanshu.secure.ServerApplication   : No active profile set, falling back to default profiles: default
2017-05-09 15:32:42.613  INFO 88944 --- [  restartedMain] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@5164cfb9: startup date [Tue May 09 15:32:42 NZST 2017]; root of context hierarchy
2017-05-09 15:32:43.472  INFO 88944 --- [  restartedMain] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 8080 (http)
2017-05-09 15:32:43.480  INFO 88944 --- [  restartedMain] o.apache.catalina.core.StandardService   : Starting service Tomcat
2017-05-09 15:32:43.481  INFO 88944 --- [  restartedMain] org.apache.catalina.core.StandardEngine  : Starting Servlet Engine: Apache Tomcat/8.5.14
2017-05-09 15:32:43.524  INFO 88944 --- [ost-startStop-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2017-05-09 15:32:43.525  INFO 88944 --- [ost-startStop-1] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 914 ms
Setting up loginRegistrationBean
Setting up restRegistrationBean
2017-05-09 15:32:43.622  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'characterEncodingFilter' to: [/*]
2017-05-09 15:32:43.623  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
2017-05-09 15:32:43.623  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'httpPutFormContentFilter' to: [/*]
2017-05-09 15:32:43.623  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'requestContextFilter' to: [/*]
2017-05-09 15:32:43.624  INFO 88944 --- [ost-startStop-1] .s.DelegatingFilterProxyRegistrationBean : Mapping filter: 'springSecurityFilterChain' to: [/*]
2017-05-09 15:32:43.624  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'loginFilter' to urls: [/login/*]
2017-05-09 15:32:43.624  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'restFilter' to urls: [/rest/*]
2017-05-09 15:32:43.624  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Filter restFilter was not registered (possibly already registered?)
2017-05-09 15:32:43.624  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.ServletRegistrationBean  : Mapping servlet: 'dispatcherServlet' to [/]
init /login filter
init /rest/* filter
2017-05-09 15:32:43.830  INFO 88944 --- [  restartedMain] b.a.s.AuthenticationManagerConfiguration : 

Using default security password: b5705a6c-418d-44b1-8ec0-04d1094693f8

2017-05-09 15:32:43.911  INFO 88944 --- [  restartedMain] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@4494ada7, org.springframework.security.web.context.SecurityContextPersistenceFilter@155437e7, org.springframework.security.web.header.HeaderWriterFilter@1e35a1a1, org.springframework.security.web.authentication.logout.LogoutFilter@5f1a3502, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2f5ae09c, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@244b340d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@66f2d458, org.springframework.security.web.session.SessionManagementFilter@76507fe1, org.springframework.security.web.access.ExceptionTranslationFilter@74272ac7, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@3619c72b]
2017-05-09 15:32:43.965  INFO 88944 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@5164cfb9: startup date [Tue May 09 15:32:42 NZST 2017]; root of context hierarchy
2017-05-09 15:32:43.997  INFO 88944 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/rest/hello],methods=[GET]}" onto public java.lang.String com.hhimanshu.secure.api.HelloWorldService.sayHello()
2017-05-09 15:32:43.998  INFO 88944 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/login],methods=[POST]}" onto public void com.hhimanshu.secure.api.LoginService.authenticate()
2017-05-09 15:32:43.999  INFO 88944 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/rest/tweets],methods=[GET]}" onto public java.lang.String com.hhimanshu.secure.api.TweetsService.tweets()
2017-05-09 15:32:44.002  INFO 88944 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
2017-05-09 15:32:44.003  INFO 88944 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2017-05-09 15:32:44.022  INFO 88944 --- [  restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-09 15:32:44.022  INFO 88944 --- [  restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-09 15:32:44.044  INFO 88944 --- [  restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-09 15:32:44.058  INFO 88944 --- [  restartedMain] oConfiguration$WelcomePageHandlerMapping : Adding welcome page: class path resource [static/index.html]
2017-05-09 15:32:44.117  INFO 88944 --- [  restartedMain] o.s.b.d.a.OptionalLiveReloadServer       : LiveReload server is running on port 35729
2017-05-09 15:32:44.150  INFO 88944 --- [  restartedMain] o.s.j.e.a.AnnotationMBeanExporter        : Registering beans for JMX exposure on startup
2017-05-09 15:32:44.188  INFO 88944 --- [  restartedMain] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (http)
2017-05-09 15:32:44.192  INFO 88944 --- [  restartedMain] com.hhimanshu.secure.ServerApplication   : Started ServerApplication in 2.112 seconds (JVM running for 2.425)
2017-05-09 15:32:49.114  INFO 88944 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring FrameworkServlet 'dispatcherServlet'
2017-05-09 15:32:49.114  INFO 88944 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization started
2017-05-09 15:32:49.123  INFO 88944 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization completed in 9 ms
Token Filter pathInfo:/rest/goobar
filtered /login request: eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.eyJhenAiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDAyMTY2OTY4MzI0NzA0MzE1MDciLCJlbWFpbCI6Imhhcml0LnN1YnNjcmlwdGlvbnNAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJ2UHItSWR5MGc2TDlQTzZ0V1UtdFBBIiwiaXNzIjoiYWNjb3VudHMuZ29vZ2xlLmNvbSIsImlhdCI6MTQ5NDI5NjQ3MSwiZXhwIjoxNDk0MzAwMDcxLCJuYW1lIjoiSGFyaXQgSGltYW5zaHUiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDQuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1fbFhqMk9VbVRuZy9BQUFBQUFBQUFBSS9BQUFBQUFBQUFDTS9YYU5jMTJadGV5OC9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiSGFyaXQiLCJmYW1pbHlfbmFtZSI6IkhpbWFuc2h1IiwibG9jYWxlIjoiZW4ifQ.kU6tkNvfqaWrcj6UhptCHT8_JzP89wM_GdRFeqwgr3mbZCaT_k_lV3TbYbV-m_yBXQcTUe0vmxLYrpF2myJevSczK3jVTHpFM2xdQsN0Vxi9JgLIChpoKBDLQIcFyacOYq2UGXQzOq1atEjqNoXeaPEsKYk9E2coGEJZ0RQmthnJ0GtNMnZlF_djds_yV0LSOjbeWPS2gCGjk__WFsSr8rBWh9xG8hoBBY8E94k4zPVzEgb18UhN3_ghrOV30j7UVGETSkFIaQeL0oJ6KEptY_O-kjCQgdy_Ji0GH7OIQ9bqG4UjgEDUbVqC97X1s5QcHQ19rjE8RbA3sPL2zQT5qw
validating:eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.eyJhenAiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDAyMTY2OTY4MzI0NzA0MzE1MDciLCJlbWFpbCI6Imhhcml0LnN1YnNjcmlwdGlvbnNAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJ2UHItSWR5MGc2TDlQTzZ0V1UtdFBBIiwiaXNzIjoiYWNjb3VudHMuZ29vZ2xlLmNvbSIsImlhdCI6MTQ5NDI5NjQ3MSwiZXhwIjoxNDk0MzAwMDcxLCJuYW1lIjoiSGFyaXQgSGltYW5zaHUiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDQuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1fbFhqMk9VbVRuZy9BQUFBQUFBQUFBSS9BQUFBQUFBQUFDTS9YYU5jMTJadGV5OC9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiSGFyaXQiLCJmYW1pbHlfbmFtZSI6IkhpbWFuc2h1IiwibG9jYWxlIjoiZW4ifQ.kU6tkNvfqaWrcj6UhptCHT8_JzP89wM_GdRFeqwgr3mbZCaT_k_lV3TbYbV-m_yBXQcTUe0vmxLYrpF2myJevSczK3jVTHpFM2xdQsN0Vxi9JgLIChpoKBDLQIcFyacOYq2UGXQzOq1atEjqNoXeaPEsKYk9E2coGEJZ0RQmthnJ0GtNMnZlF_djds_yV0LSOjbeWPS2gCGjk__WFsSr8rBWh9xG8hoBBY8E94k4zPVzEgb18UhN3_ghrOV30j7UVGETSkFIaQeL0oJ6KEptY_O-kjCQgdy_Ji0GH7OIQ9bqG4UjgEDUbVqC97X1s5QcHQ19rjE8RbA3sPL2zQT5qw
Token Filter pathInfo:/rest/tweets
filtered /login request: eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.eyJhenAiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDAyMTY2OTY4MzI0NzA0MzE1MDciLCJlbWFpbCI6Imhhcml0LnN1YnNjcmlwdGlvbnNAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJ2UHItSWR5MGc2TDlQTzZ0V1UtdFBBIiwiaXNzIjoiYWNjb3VudHMuZ29vZ2xlLmNvbSIsImlhdCI6MTQ5NDI5NjQ3MSwiZXhwIjoxNDk0MzAwMDcxLCJuYW1lIjoiSGFyaXQgSGltYW5zaHUiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDQuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1fbFhqMk9VbVRuZy9BQUFBQUFBQUFBSS9BQUFBQUFBQUFDTS9YYU5jMTJadGV5OC9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiSGFyaXQiLCJmYW1pbHlfbmFtZSI6IkhpbWFuc2h1IiwibG9jYWxlIjoiZW4ifQ.kU6tkNvfqaWrcj6UhptCHT8_JzP89wM_GdRFeqwgr3mbZCaT_k_lV3TbYbV-m_yBXQcTUe0vmxLYrpF2myJevSczK3jVTHpFM2xdQsN0Vxi9JgLIChpoKBDLQIcFyacOYq2UGXQzOq1atEjqNoXeaPEsKYk9E2coGEJZ0RQmthnJ0GtNMnZlF_djds_yV0LSOjbeWPS2gCGjk__WFsSr8rBWh9xG8hoBBY8E94k4zPVzEgb18UhN3_ghrOV30j7UVGETSkFIaQeL0oJ6KEptY_O-kjCQgdy_Ji0GH7OIQ9bqG4UjgEDUbVqC97X1s5QcHQ19rjE8RbA3sPL2zQT5q
validating:eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.eyJhenAiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDAyMTY2OTY4MzI0NzA0MzE1MDciLCJlbWFpbCI6Imhhcml0LnN1YnNjcmlwdGlvbnNAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJ2UHItSWR5MGc2TDlQTzZ0V1UtdFBBIiwiaXNzIjoiYWNjb3VudHMuZ29vZ2xlLmNvbSIsImlhdCI6MTQ5NDI5NjQ3MSwiZXhwIjoxNDk0MzAwMDcxLCJuYW1lIjoiSGFyaXQgSGltYW5zaHUiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDQuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1fbFhqMk9VbVRuZy9BQUFBQUFBQUFBSS9BQUFBQUFBQUFDTS9YYU5jMTJadGV5OC9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiSGFyaXQiLCJmYW1pbHlfbmFtZSI6IkhpbWFuc2h1IiwibG9jYWxlIjoiZW4ifQ.kU6tkNvfqaWrcj6UhptCHT8_JzP89wM_GdRFeqwgr3mbZCaT_k_lV3TbYbV-m_yBXQcTUe0vmxLYrpF2myJevSczK3jVTHpFM2xdQsN0Vxi9JgLIChpoKBDLQIcFyacOYq2UGXQzOq1atEjqNoXeaPEsKYk9E2coGEJZ0RQmthnJ0GtNMnZlF_djds_yV0LSOjbeWPS2gCGjk__WFsSr8rBWh9xG8hoBBY8E94k4zPVzEgb18UhN3_ghrOV30j7UVGETSkFIaQeL0oJ6KEptY_O-kjCQgdy_Ji0GH7OIQ9bqG4UjgEDUbVqC97X1s5QcHQ19rjE8RbA3sPL2zQT5q
Token Filter pathInfo:/rest/hello
filtered /login request: eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.eyJhenAiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDAyMTY2OTY4MzI0NzA0MzE1MDciLCJlbWFpbCI6Imhhcml0LnN1YnNjcmlwdGlvbnNAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJ3VU1RcG9DemRfYm9jaEJEMjBlYkhRIiwiaXNzIjoiYWNjb3VudHMuZ29vZ2xlLmNvbSIsImlhdCI6MTQ5NDI3Nzg2NSwiZXhwIjoxNDk0MjgxNDY1LCJuYW1lIjoiSGFyaXQgSGltYW5zaHUiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDQuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1fbFhqMk9VbVRuZy9BQUFBQUFBQUFBSS9BQUFBQUFBQUFDTS9YYU5jMTJadGV5OC9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiSGFyaXQiLCJmYW1pbHlfbmFtZSI6IkhpbWFuc2h1IiwibG9jYWxlIjoiZW4ifQ.hQSvNFuh7MBNhHjpmAT40xi43Siyz2xF6j1kQ2cvvc-sB-5wDDgHOfKJFzvktYUQrT0Vso-d9Vdq4gmLyfwGBfWEkj1dNNZIn5IE4RWG4gKYrQkT2iDDI_9d1QyqYNPmdgP_RGlszMoL4Le5s1QXMU9p-Uj39-2dIwD2ska-n3ebH7fPv1iBkCOibnbuCtadn5NqTmJ-NtJ5nRhXNyiuK3QNV83g2w17cDnZF_s2pNLHPNWaciuJpqiVOhzS_3l4OL82yYv0O7vKc8wOjwz8B8izyCh-oI3wGe7puFqrsf_Sl2WMKrm4B7pc20x3XuaKgGLdRaIXpwSS8sh8jMHiaA
validating:eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.eyJhenAiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDAyMTY2OTY4MzI0NzA0MzE1MDciLCJlbWFpbCI6Imhhcml0LnN1YnNjcmlwdGlvbnNAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJ3VU1RcG9DemRfYm9jaEJEMjBlYkhRIiwiaXNzIjoiYWNjb3VudHMuZ29vZ2xlLmNvbSIsImlhdCI6MTQ5NDI3Nzg2NSwiZXhwIjoxNDk0MjgxNDY1LCJuYW1lIjoiSGFyaXQgSGltYW5zaHUiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDQuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1fbFhqMk9VbVRuZy9BQUFBQUFBQUFBSS9BQUFBQUFBQUFDTS9YYU5jMTJadGV5OC9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiSGFyaXQiLCJmYW1pbHlfbmFtZSI6IkhpbWFuc2h1IiwibG9jYWxlIjoiZW4ifQ.hQSvNFuh7MBNhHjpmAT40xi43Siyz2xF6j1kQ2cvvc-sB-5wDDgHOfKJFzvktYUQrT0Vso-d9Vdq4gmLyfwGBfWEkj1dNNZIn5IE4RWG4gKYrQkT2iDDI_9d1QyqYNPmdgP_RGlszMoL4Le5s1QXMU9p-Uj39-2dIwD2ska-n3ebH7fPv1iBkCOibnbuCtadn5NqTmJ-NtJ5nRhXNyiuK3QNV83g2w17cDnZF_s2pNLHPNWaciuJpqiVOhzS_3l4OL82yYv0O7vKc8wOjwz8B8izyCh-oI3wGe7puFqrsf_Sl2WMKrm4B7pc20x3XuaKgGLdRaIXpwSS8sh8jMHiaA