1
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

Debugging Spring Security web application

Posted at

Setup to show debug message

I will show it by using my example application.

First on class "info.saladlam.example.spring.noticeboard.config.WebSecurityConfig", pass parameter into annotation @EnableWebSecurity as below

@EnableWebSecurity(debug = true)

Then on file "src/main/resources/application.properties", add following line

logging.level.org.springframework.security=debug

On browser open link "http://localhost:8080/", if you see log message likes below, setup is success.

2019-09-09 09:59:27.983  INFO 8052 --- [nio-8080-exec-4] Spring Security Debugger                 : 

************************************************************

Request received for GET '/':

org.apache.catalina.connector.RequestFacade@21984639

servletPath:/
pathInfo:null
headers: 
host: localhost:8080
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: zh-TW,zh;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate
referer: http://localhost:8080/manage
connection: keep-alive
cookie: JSESSIONID=5B745B47B9D5975FCA05D8755BB2D1D6
upgrade-insecure-requests: 1
cache-control: max-age=0


Security filter chain: [
  WebAsyncManagerIntegrationFilter
  SecurityContextPersistenceFilter
  HeaderWriterFilter
  CsrfFilter
  LogoutFilter
  UsernamePasswordAuthenticationFilter
  RequestCacheAwareFilter
  SecurityContextHolderAwareRequestFilter
  AnonymousAuthenticationFilter
  SessionManagementFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]


************************************************************


2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /' doesn't match 'POST /logout'
2019-09-09 09:59:27.984 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2019-09-09 09:59:27.984 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /' doesn't match 'POST /loginHandler'
2019-09-09 09:59:27.984 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2019-09-09 09:59:27.984 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.s.HttpSessionRequestCache        : saved request doesn't match
2019-09-09 09:59:27.984 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2019-09-09 09:59:27.984 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2019-09-09 09:59:27.984 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter  : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@a0d1f6b9: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.session.SessionManagementFilter  : Requested session ID 5B745B47B9D5975FCA05D8755BB2D1D6 is invalid.
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/'; against '/manage/*/approve'
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/'; against '/manage/**'
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor    : Public object - authentication not attempted
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / reached end of additional filter chain; proceeding with original chain
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet        : GET "/", parameters={}
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to public java.lang.String info.saladlam.example.spring.noticeboard.controller.PublicController.index(org.springframework.ui.Model)
2019-09-09 09:59:27.986 DEBUG 8052 --- [nio-8080-exec-4] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL query
2019-09-09 09:59:27.986 DEBUG 8052 --- [nio-8080-exec-4] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL statement [SELECT * FROM message WHERE approved_by IS NOT NULL AND publish_date <= ? AND (remove_date IS NULL OR remove_date > ?) ORDER BY publish_date DESC]
2019-09-09 09:59:27.987 DEBUG 8052 --- [nio-8080-exec-4] o.s.jdbc.core.BeanPropertyRowMapper      : Mapping column 'ID' to property 'id' of type 'java.lang.Long'
2019-09-09 09:59:27.988 DEBUG 8052 --- [nio-8080-exec-4] o.s.jdbc.core.BeanPropertyRowMapper      : Mapping column 'PUBLISH_DATE' to property 'publishDate' of type 'java.time.LocalDateTime'
2019-09-09 09:59:27.988 DEBUG 8052 --- [nio-8080-exec-4] o.s.jdbc.core.BeanPropertyRowMapper      : Mapping column 'REMOVE_DATE' to property 'removeDate' of type 'java.time.LocalDateTime'
2019-09-09 09:59:27.988 DEBUG 8052 --- [nio-8080-exec-4] o.s.jdbc.core.BeanPropertyRowMapper      : Mapping column 'OWNER' to property 'owner' of type 'java.lang.String'
2019-09-09 09:59:27.988 DEBUG 8052 --- [nio-8080-exec-4] o.s.jdbc.core.BeanPropertyRowMapper      : Mapping column 'DESCRIPTION' to property 'description' of type 'java.lang.String'
2019-09-09 09:59:27.989 DEBUG 8052 --- [nio-8080-exec-4] o.s.jdbc.core.BeanPropertyRowMapper      : Mapping column 'APPROVED_BY' to property 'approvedBy' of type 'java.lang.String'
2019-09-09 09:59:27.989 DEBUG 8052 --- [nio-8080-exec-4] o.s.jdbc.core.BeanPropertyRowMapper      : Mapping column 'APPROVED_DATE' to property 'approvedDate' of type 'java.time.LocalDateTime'
2019-09-09 09:59:27.994 DEBUG 8052 --- [nio-8080-exec-4] o.s.w.s.v.ContentNegotiatingViewResolver : Selected 'text/html' given [text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8]
2019-09-09 09:59:28.003 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@2f3aea8b
2019-09-09 09:59:28.004 DEBUG 8052 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2019-09-09 09:59:28.004 DEBUG 8052 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet        : Completed 200 OK
2019-09-09 09:59:28.004 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.a.ExceptionTranslationFilter     : Chain processed normally
2019-09-09 09:59:28.004 DEBUG 8052 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed

Meaning of log message

Header information received with request

Request received for GET '/':

org.apache.catalina.connector.RequestFacade@21984639

servletPath:/
pathInfo:null
headers: 
host: localhost:8080
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: zh-TW,zh;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate
referer: http://localhost:8080/manage
connection: keep-alive
cookie: JSESSIONID=5B745B47B9D5975FCA05D8755BB2D1D6
upgrade-insecure-requests: 1
cache-control: max-age=0

What filter is included in security filter chain

Security filter chain: [
  WebAsyncManagerIntegrationFilter
  SecurityContextPersistenceFilter
  HeaderWriterFilter
  CsrfFilter
  LogoutFilter
  UsernamePasswordAuthenticationFilter
  RequestCacheAwareFilter
  SecurityContextHolderAwareRequestFilter
  AnonymousAuthenticationFilter
  SessionManagementFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]

What is done on each filter

2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2019-09-09 09:59:27.983 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /' doesn't match 'POST /logout'
2019-09-09 09:59:27.984 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2019-09-09 09:59:27.984 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /' doesn't match 'POST /loginHandler'
2019-09-09 09:59:27.984 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2019-09-09 09:59:27.984 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.s.HttpSessionRequestCache        : saved request doesn't match
2019-09-09 09:59:27.984 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2019-09-09 09:59:27.984 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2019-09-09 09:59:27.984 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter  : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@a0d1f6b9: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.session.SessionManagementFilter  : Requested session ID 5B745B47B9D5975FCA05D8755BB2D1D6 is invalid.
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/'; against '/manage/*/approve'
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/'; against '/manage/**'
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor    : Public object - authentication not attempted
2019-09-09 09:59:27.985 DEBUG 8052 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : / reached end of additional filter chain; proceeding with original chain

Access protected resource without login

User can enter link "http://localhost:8080/manage" if following condition fulfilled.

  1. User is logged in, otherwise redirect to "http://localhost:8080/login"
  2. User has "USER" authority

Below is log message.

2019-09-09 10:23:23.418  INFO 8052 --- [nio-8080-exec-5] Spring Security Debugger                 : 

************************************************************

Request received for GET '/manage':

org.apache.catalina.connector.RequestFacade@21984639

servletPath:/manage
pathInfo:null
headers: 
host: localhost:8080
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: zh-TW,zh;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate
connection: keep-alive
cookie: JSESSIONID=5B745B47B9D5975FCA05D8755BB2D1D6
upgrade-insecure-requests: 1


Security filter chain: [
  WebAsyncManagerIntegrationFilter
  SecurityContextPersistenceFilter
  HeaderWriterFilter
  CsrfFilter
  LogoutFilter
  UsernamePasswordAuthenticationFilter
  RequestCacheAwareFilter
  SecurityContextHolderAwareRequestFilter
  AnonymousAuthenticationFilter
  SessionManagementFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]


************************************************************


2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /manage at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /manage at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /manage at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /manage at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /manage at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /manage' doesn't match 'POST /logout'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /manage at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /manage' doesn't match 'POST /loginHandler'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /manage at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.s.HttpSessionRequestCache        : saved request doesn't match
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /manage at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /manage at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.a.AnonymousAuthenticationFilter  : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@a0d1f6b9: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /manage at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.session.SessionManagementFilter  : Requested session ID 5B745B47B9D5975FCA05D8755BB2D1D6 is invalid.
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /manage at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /manage at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/manage'; against '/manage/*/approve'
2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/manage'; against '/manage/**'
2019-09-09 10:23:23.429 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /manage; Attributes: [hasAuthority('USER')]
2019-09-09 10:23:23.429 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@a0d1f6b9: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2019-09-09 10:23:23.429 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@20931c33, returned: -1
2019-09-09 10:23:23.429 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.a.ExceptionTranslationFilter     : Access is denied (user is anonymous); redirecting to authentication entry point

org.springframework.security.access.AccessDeniedException: Access is denied
	at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) ~[spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) [spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) [spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) [spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.debug.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:90) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:77) [spring-security-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) [spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) [spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) [spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92) [spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) [spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) [spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) [spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) [spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) [spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_222]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_222]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.22.jar:9.0.22]
	at java.lang.Thread.run(Thread.java:748) [na:1.8.0_222]

2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using Ant [pattern='/**', GET]
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request '/manage' matched by universal pattern '/**'
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.*']]
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/manage'; against '/**/favicon.*'
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.matcher.NegatedRequestMatcher  : matches = true
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@48bae240, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.m.MediaTypeRequestMatcher      : httpRequestMediaTypes=[text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8]
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.m.MediaTypeRequestMatcher      : Processing text/html
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.m.MediaTypeRequestMatcher      : application/json .isCompatibleWith text/html = false
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.m.MediaTypeRequestMatcher      : Processing application/xhtml+xml
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.m.MediaTypeRequestMatcher      : application/json .isCompatibleWith application/xhtml+xml = false
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.m.MediaTypeRequestMatcher      : Processing application/xml;q=0.9
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.m.MediaTypeRequestMatcher      : application/json .isCompatibleWith application/xml;q=0.9 = false
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.m.MediaTypeRequestMatcher      : Processing */*;q=0.8
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.m.MediaTypeRequestMatcher      : Ignoring
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.m.MediaTypeRequestMatcher      : Did not match any media types
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.matcher.NegatedRequestMatcher  : matches = true
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.matcher.NegatedRequestMatcher  : matches = true
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.util.matcher.AndRequestMatcher   : All requestMatchers returned true
2019-09-09 10:23:23.440  INFO 8052 --- [nio-8080-exec-5] Spring Security Debugger                 : 

************************************************************

New HTTP session created: 600351D5D67C5EC315DCB96ED3AD3A79

Call stack: 

	at org.springframework.security.web.debug.Logger.info(Logger.java:44)
	at org.springframework.security.web.debug.DebugRequestWrapper.getSession(DebugFilter.java:166)
	at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:250)
	at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:250)
	at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:250)
	at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:250)
	at org.springframework.security.web.savedrequest.HttpSessionRequestCache.saveRequest(HttpSessionRequestCache.java:60)
	at org.springframework.security.web.access.ExceptionTranslationFilter.sendStartAuthentication(ExceptionTranslationFilter.java:211)
	at org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:185)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:141)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
	at org.springframework.security.web.debug.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:90)
	at org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:77)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)


************************************************************


2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.s.HttpSessionRequestCache        : DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/manage]
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.a.ExceptionTranslationFilter     : Calling Authentication entry point.
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.web.DefaultRedirectStrategy        : Redirecting to 'http://localhost:8080/login'
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@2f3aea8b
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed

From following log, I knew access control is correctly setup.

2019-09-09 10:23:23.418 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/manage'; against '/manage/**'
2019-09-09 10:23:23.429 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /manage; Attributes: [hasAuthority('USER')]

Not login user is treated as anonymous user, and has no right to enter this link.

2019-09-09 10:23:23.429 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@a0d1f6b9: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2019-09-09 10:23:23.429 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@20931c33, returned: -1
2019-09-09 10:23:23.429 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.a.ExceptionTranslationFilter     : Access is denied (user is anonymous); redirecting to authentication entry point

Save last visiting link into session and redirect to login page.

2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.s.HttpSessionRequestCache        : DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/manage]
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.w.a.ExceptionTranslationFilter     : Calling Authentication entry point.
2019-09-09 10:23:23.440 DEBUG 8052 --- [nio-8080-exec-5] o.s.s.web.DefaultRedirectStrategy        : Redirecting to 'http://localhost:8080/login'

Performing authentication

After entering username and password, authentication is processed by "http://localhost:8080/loginHandler".

Below is log message.

2019-09-09 10:49:50.803  INFO 8052 --- [io-8080-exec-10] Spring Security Debugger                 : 

************************************************************

Request received for POST '/loginHandler':

org.apache.catalina.connector.RequestFacade@21984639

servletPath:/loginHandler
pathInfo:null
headers: 
host: localhost:8080
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: zh-TW,zh;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate
content-type: application/x-www-form-urlencoded
content-length: 72
connection: keep-alive
referer: http://localhost:8080/login
cookie: JSESSIONID=600351D5D67C5EC315DCB96ED3AD3A79
upgrade-insecure-requests: 1


Security filter chain: [
  WebAsyncManagerIntegrationFilter
  SecurityContextPersistenceFilter
  HeaderWriterFilter
  CsrfFilter
  LogoutFilter
  UsernamePasswordAuthenticationFilter
  RequestCacheAwareFilter
  SecurityContextHolderAwareRequestFilter
  AnonymousAuthenticationFilter
  SessionManagementFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]


************************************************************


2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /loginHandler at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /loginHandler at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@c3207bc. A new one will be created.
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /loginHandler at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /loginHandler at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /loginHandler at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/loginHandler'; against '/logout'
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /loginHandler at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/loginHandler'; against '/loginHandler'
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] w.a.UsernamePasswordAuthenticationFilter : Request is to process authentication
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.s.authentication.ProviderManager     : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL query
2019-09-09 10:49:50.806 DEBUG 8052 --- [io-8080-exec-10] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL statement [select username,password,enabled from users where username = ?]
2019-09-09 10:49:50.807 DEBUG 8052 --- [io-8080-exec-10] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL query
2019-09-09 10:49:50.807 DEBUG 8052 --- [io-8080-exec-10] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL statement [select username,authority from authorities where username = ?]
2019-09-09 10:49:50.902 DEBUG 8052 --- [io-8080-exec-10] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@3b6c60ce
2019-09-09 10:49:50.902 DEBUG 8052 --- [io-8080-exec-10] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.csrf.CsrfAuthenticationStrategy@7401adfd
2019-09-09 10:49:50.902 DEBUG 8052 --- [io-8080-exec-10] w.a.UsernamePasswordAuthenticationFilter : Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@681dd55: Principal: org.springframework.security.core.userdetails.User@6a68dc6: Username: user1; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 600351D5D67C5EC315DCB96ED3AD3A79; Granted Authorities: USER
2019-09-09 10:49:50.902 DEBUG 8052 --- [io-8080-exec-10] RequestAwareAuthenticationSuccessHandler : Redirecting to DefaultSavedRequest Url: http://localhost:8080/manage
2019-09-09 10:49:50.902 DEBUG 8052 --- [io-8080-exec-10] o.s.s.web.DefaultRedirectStrategy        : Redirecting to 'http://localhost:8080/manage'
2019-09-09 10:49:50.902 DEBUG 8052 --- [io-8080-exec-10] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@2f3aea8b
2019-09-09 10:49:50.902 DEBUG 8052 --- [io-8080-exec-10] w.c.HttpSessionSecurityContextRepository : SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@681dd55: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@681dd55: Principal: org.springframework.security.core.userdetails.User@6a68dc6: Username: user1; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 600351D5D67C5EC315DCB96ED3AD3A79; Granted Authorities: USER' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade@c3207bc
2019-09-09 10:49:50.902 DEBUG 8052 --- [io-8080-exec-10] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed

Authentication is handle by UsernamePasswordAuthenticationFilter. User information is query from database and know that "user1" with "USER" authority is login.

2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /loginHandler at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/loginHandler'; against '/logout'
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /loginHandler at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/loginHandler'; against '/loginHandler'
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] w.a.UsernamePasswordAuthenticationFilter : Request is to process authentication
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.s.authentication.ProviderManager     : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2019-09-09 10:49:50.803 DEBUG 8052 --- [io-8080-exec-10] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL query
2019-09-09 10:49:50.806 DEBUG 8052 --- [io-8080-exec-10] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL statement [select username,password,enabled from users where username = ?]
2019-09-09 10:49:50.807 DEBUG 8052 --- [io-8080-exec-10] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL query
2019-09-09 10:49:50.807 DEBUG 8052 --- [io-8080-exec-10] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL statement [select username,authority from authorities where username = ?]
2019-09-09 10:49:50.902 DEBUG 8052 --- [io-8080-exec-10] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@3b6c60ce
2019-09-09 10:49:50.902 DEBUG 8052 --- [io-8080-exec-10] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.csrf.CsrfAuthenticationStrategy@7401adfd
2019-09-09 10:49:50.902 DEBUG 8052 --- [io-8080-exec-10] w.a.UsernamePasswordAuthenticationFilter : Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@681dd55: Principal: org.springframework.security.core.userdetails.User@6a68dc6: Username: user1; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 600351D5D67C5EC315DCB96ED3AD3A79; Granted Authorities: USER

Redirect to previosly access link.

2019-09-09 10:49:50.902 DEBUG 8052 --- [io-8080-exec-10] RequestAwareAuthenticationSuccessHandler : Redirecting to DefaultSavedRequest Url: http://localhost:8080/manage
2019-09-09 10:49:50.902 DEBUG 8052 --- [io-8080-exec-10] o.s.s.web.DefaultRedirectStrategy        : Redirecting to 'http://localhost:8080/manage'

Access protected resource after login

User "user1" accesses link "http://localhost:8080/manage". Below is log message.

2019-09-09 10:49:50.902  INFO 8052 --- [nio-8080-exec-1] Spring Security Debugger                 : 

************************************************************

Request received for GET '/manage':

org.apache.catalina.connector.RequestFacade@21984639

servletPath:/manage
pathInfo:null
headers: 
host: localhost:8080
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: zh-TW,zh;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate
referer: http://localhost:8080/login
connection: keep-alive
cookie: JSESSIONID=3F88F4330263D74BA5E6182E4DE35D8B
upgrade-insecure-requests: 1


Security filter chain: [
  WebAsyncManagerIntegrationFilter
  SecurityContextPersistenceFilter
  HeaderWriterFilter
  CsrfFilter
  LogoutFilter
  UsernamePasswordAuthenticationFilter
  RequestCacheAwareFilter
  SecurityContextHolderAwareRequestFilter
  AnonymousAuthenticationFilter
  SessionManagementFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]


************************************************************


2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /manage at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /manage at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@681dd55: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@681dd55: Principal: org.springframework.security.core.userdetails.User@6a68dc6: Username: user1; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 600351D5D67C5EC315DCB96ED3AD3A79; Granted Authorities: USER'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /manage at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /manage at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /manage at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /manage' doesn't match 'POST /logout'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /manage at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /manage' doesn't match 'POST /loginHandler'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /manage at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : pathInfo: both null (property equals)
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : queryString: both null (property equals)
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : requestURI: arg1=/manage; arg2=/manage (property equals)
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : serverPort: arg1=8080; arg2=8080 (property equals)
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : requestURL: arg1=http://localhost:8080/manage; arg2=http://localhost:8080/manage (property equals)
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : scheme: arg1=http; arg2=http (property equals)
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : serverName: arg1=localhost; arg2=localhost (property equals)
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : contextPath: arg1=; arg2= (property equals)
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.s.DefaultSavedRequest            : servletPath: arg1=/manage; arg2=/manage (property equals)
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.s.HttpSessionRequestCache        : Removing DefaultSavedRequest from session if present
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /manage at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /manage at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@681dd55: Principal: org.springframework.security.core.userdetails.User@6a68dc6: Username: user1; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 600351D5D67C5EC315DCB96ED3AD3A79; Granted Authorities: USER'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /manage at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /manage at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /manage at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2019-09-09 10:49:50.902 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/manage'; against '/manage/*/approve'
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/manage'; against '/manage/**'
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /manage; Attributes: [hasAuthority('USER')]
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@681dd55: Principal: org.springframework.security.core.userdetails.User@6a68dc6: Username: user1; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 600351D5D67C5EC315DCB96ED3AD3A79; Granted Authorities: USER
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@20931c33, returned: 1
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Authorization successful
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : RunAsManager did not change Authentication object
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /manage reached end of additional filter chain; proceeding with original chain
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : GET "/manage", parameters={}
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to public java.lang.String info.saladlam.example.spring.noticeboard.controller.PrivateController.manage(org.springframework.ui.Model)
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL query
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL statement [SELECT * FROM message WHERE owner = ? ORDER BY publish_date DESC]
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.jdbc.core.BeanPropertyRowMapper      : Mapping column 'ID' to property 'id' of type 'java.lang.Long'
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.jdbc.core.BeanPropertyRowMapper      : Mapping column 'PUBLISH_DATE' to property 'publishDate' of type 'java.time.LocalDateTime'
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.jdbc.core.BeanPropertyRowMapper      : Mapping column 'REMOVE_DATE' to property 'removeDate' of type 'java.time.LocalDateTime'
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.jdbc.core.BeanPropertyRowMapper      : Mapping column 'OWNER' to property 'owner' of type 'java.lang.String'
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.jdbc.core.BeanPropertyRowMapper      : Mapping column 'DESCRIPTION' to property 'description' of type 'java.lang.String'
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.jdbc.core.BeanPropertyRowMapper      : Mapping column 'APPROVED_BY' to property 'approvedBy' of type 'java.lang.String'
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.jdbc.core.BeanPropertyRowMapper      : Mapping column 'APPROVED_DATE' to property 'approvedDate' of type 'java.time.LocalDateTime'
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.w.s.v.ContentNegotiatingViewResolver : Selected 'text/html' given [text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8]
2019-09-09 10:49:50.933 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@2f3aea8b
2019-09-09 10:49:50.933 DEBUG 8052 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Completed 200 OK
2019-09-09 10:49:50.933 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter     : Chain processed normally
2019-09-09 10:49:50.933 DEBUG 8052 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed

User pass authorization.

2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@681dd55: Principal: org.springframework.security.core.userdetails.User@6a68dc6: Username: user1; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 600351D5D67C5EC315DCB96ED3AD3A79; Granted Authorities: USER
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@20931c33, returned: 1
2019-09-09 10:49:50.917 DEBUG 8052 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Authorization successful
1
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
1
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?