· 7 years ago · Jan 06, 2018, 07:18 PM
1@Configuration
2@EnableWebSecurity(debug = true) // debug enabled for this example
3public class SecurityConfig extends WebSecurityConfigurerAdapter {
4 @Autowired
5 private UserDetailsService userDetailsService;
6
7 @Bean
8 @Override
9 protected AuthenticationManager authenticationManager() throws Exception {
10 return super.authenticationManager();
11 }
12
13 @Override
14 protected void configure(AuthenticationManagerBuilder auth) throws Exception {
15 auth
16 .userDetailsService(userDetailsService)
17 .passwordEncoder(new ShaPasswordEncoder(encodingStrength));
18 }
19
20 @Override
21 protected void configure(HttpSecurity http) throws Exception {
22 http
23 .httpBasic()
24 .realmName("My Realm")
25 .authenticationEntryPoint(getBasicAuthEntryPoint())
26 .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
27 .and().csrf().disable();
28 }
29
30 // We need this because the default Spring behavior is to redirect to a login page,
31 // but our REST clients wont have that.
32 @Bean
33 public MyAuthenticationEntryPoint getBasicAuthEntryPoint(){
34 return new MyAuthenticationEntryPoint();
35 }
36
37 @Bean
38 public UserDetailsService userDetailsService() {
39 return userDetailsService;
40 }
41
42 @Bean
43 public JwtAccessTokenConverter accessTokenConverter() throws Exception {
44 JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
45 // This is a private RSA key file
46 converter.setSigningKey(FileUtils.readFileToString(signingKey.getFile(), "UTF-8"));
47 return converter;
48 }
49
50 @Bean
51 public TokenStore tokenStore() {
52 return new JwtTokenStore(accessTokenConverter());
53 }
54
55 @Bean
56 @Primary
57 //Making this primary to avoid any accidental duplication with another token service instance of the same name
58 public DefaultTokenServices tokenServices() {
59 DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
60 defaultTokenServices.setTokenStore(tokenStore());
61 defaultTokenServices.setSupportRefreshToken(true);
62 return defaultTokenServices;
63 }
64
65@Configuration
66@EnableAuthorizationServer
67public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
68 @Autowired
69 private TokenStore tokenStore;
70
71 @Autowired
72 private JwtAccessTokenConverter accessTokenConverter;
73
74 @Autowired
75 private AuthenticationManager authenticationManager;
76
77 @Override
78 public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
79 configurer
80 .inMemory()
81 .withClient("MyClientId")
82 .secret("MyClientSecret")
83 .authorizedGrantTypes("password")
84 .authorities("PUBLIC", "USER", "ADMIN") // not sure this is needed/useful but I saw it in some examples
85 .scopes("read", "write", "trust")
86 .resourceIds("MyResourceId");
87 }
88
89 @Override
90 public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
91 oauthServer.checkTokenAccess("permitAll()");
92 oauthServer.allowFormAuthenticationForClients();
93 }
94
95 @Override
96 public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
97 TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
98 enhancerChain.setTokenEnhancers(Arrays.asList(accessTokenConverter));
99 endpoints.tokenStore(tokenStore)
100 .accessTokenConverter(accessTokenConverter)
101 .tokenEnhancer(enhancerChain)
102 .authenticationManager(authenticationManager);
103 }
104}
105
106@Configuration
107@EnableResourceServer
108public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
109 @Autowired
110 private ResourceServerTokenServices tokenServices;
111
112 @Value("${security.jwt.resource-ids}")
113 private String resourceIds;
114
115 @Override
116 public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
117 resources.resourceId(resourceIds).tokenServices(tokenServices);
118 }
119
120 @Override
121 public void configure(HttpSecurity http) throws Exception {
122 http
123 .requestMatchers()
124 .and()
125 .authorizeRequests()
126 .antMatchers("/hello").permitAll() // fully accessible, unsecured
127 .antMatchers("/item/**").hasRole("USER") // must be authenticated and associated with a user role
128 // I've also tried this which has the same result:
129 //.antMatchers("/item/**").access("#oauth2.clientHasRole('USER')");
130}
131
132curl MyClientId:MyClientSecret@localhost:8080/oauth/token -d grant_type=password -d username=user -d password=pass
133
134{"access_token":"{"access_token":"<token>","token_type":"bearer","expires_in":43199,"scope":"read write","jti":"2d7048b6-60ae-4984-af3f-db4b576b9672"}","token_type":"bearer","expires_in":43199,"scope":"read write","jti":"2d7048b6-60ae-4984-af3f-db4b576b9672"}
135
136eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiRWRpc29uUmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiZWRkaWVAcmVlZXAuY29tIiwic2NvcGUiOlsicmVhZCIsIndyaXRlIl0sImV4cCI6MTUxNTMwNDkzNiwiYXV0aG9yaXRpZXMiOlsiUk9MRV9VU0VSIiwiUk9MRV9QVUJMSUMiXSwianRpIjoiMmQ3MDQ4YjYtNjBhZS00OTg0LWFmM2YtZGI0YjU3NmI5NjcyIiwiY2xpZW50X2lkIjoiRWRpc29uQ2xpZW50In0.VLmgIg-Q4mIyPgahqJscQrCq-GgHYzHDA_m7yRRjhyg8vZZ9eprdMbZvHFYT5bAg-gnRL9FRZF0fMU1xxAqwS8RaXxEErfrUldc0OiGIuEP450QJLIslo0qzjtP2pxtS_jyfs80NGgK2o8NqhUoqF0Arslg5DTBAWuUxOnk1Z7YVdn6HtaNWDzNbJHGoDHInHD3dzo8nfEuSvNRRaKfeR8FeMWLmfoizYe3aut7X0YISojVcjnHZozaZ52CvmcWAMeXmU7xdZm48SthPzQwm6c5AKy-RuanqJf38WDRSPkFU9klwc9LFt76iGAj50GvaZnTydy4HFqU1450TPhWTufX4AvoID4aoE5tsYL1zqmVxlo8Elg5A_lFIPxEjnK2EOV-qQOdQq9_5znfgsY-OMe6LXVYHnzv9EAkkbQyqV0tWHrLCEOnMkt0g5Kl3uwV7Kmz0Fw98GILxzhOdDQOxXrvEMGo41cB57SvLhBEHsL-0vA-sex9KYEivGm7CuInQ-xC5ZxshvJ69K33RDH349WCpnNJqdn8RWnKnTmeMy1h17ufzbGkq_gnzN7N6rYAlqqFlie8YLfC0Ih53QgQZ8E0pqHSjjzscaVkjWFBN3-L5aqo4ynf7-1mhW5_YxxgrWzTvY0_jKWX6FyrjmqcDh9BRUp2kGn0jPLFZ_kPi4Ps
137
138curl http://localhost:8080/item -H 'Authorization: <token>'
139
140{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
141
142************************************************************
143
144Request received for GET '/item':
145
146org.apache.catalina.connector.RequestFacade@7e652eb5
147
148servletPath:/item
149pathInfo:null
150headers:
151host: localhost:8080
152user-agent: curl/7.54.0
153accept: */*
154authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiRWRpc29uUmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiZWRkaWVAcmVlZXAuY29tIiwic2NvcGUiOlsicmVhZCIsIndyaXRlIiwidHJ1c3QiXSwiZXhwIjoxNTE1MzA2MzkzLCJhdXRob3JpdGllcyI6WyJST0xFX1VTRVIiLCJST0xFX1BVQkxJQyJdLCJqdGkiOiJlMmNhNTQ0MS01Y2M4LTRiMDYtOWMxMy0zM2FmYzIzODk3ZDYiLCJjbGllbnRfaWQiOiJFZGlzb25DbGllbnQifQ.qR3UgHOuWjXKjR0f2Acf38TJaVvkQf5ExkMNjidPswo
155
156
157Security filter chain: [
158 WebAsyncManagerIntegrationFilter
159 SecurityContextPersistenceFilter
160 HeaderWriterFilter
161 LogoutFilter
162 OAuth2AuthenticationProcessingFilter
163 RequestCacheAwareFilter
164 SecurityContextHolderAwareRequestFilter
165 AnonymousAuthenticationFilter
166 SessionManagementFilter
167 ExceptionTranslationFilter
168 FilterSecurityInterceptor
169]
170
171
172************************************************************
173
174
175[2018-01-06 13:26:34.245] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.OrRequestMatcher: Trying to match using Ant [pattern='/oauth/token']
176[2018-01-06 13:26:34.245] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.AntPathRequestMatcher: Checking match of request : '/item'; against '/oauth/token'
177[2018-01-06 13:26:34.245] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.OrRequestMatcher: Trying to match using Ant [pattern='/oauth/token_key']
178[2018-01-06 13:26:34.245] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.AntPathRequestMatcher: Checking match of request : '/item'; against '/oauth/token_key'
179[2018-01-06 13:26:34.245] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.OrRequestMatcher: Trying to match using Ant [pattern='/oauth/check_token']
180[2018-01-06 13:26:34.245] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.AntPathRequestMatcher: Checking match of request : '/item'; against '/oauth/check_token'
181[2018-01-06 13:26:34.245] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.OrRequestMatcher: No matches found
182[2018-01-06 13:26:34.245] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.FilterChainProxy: /item at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
183[2018-01-06 13:26:34.246] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.FilterChainProxy: /item at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
184[2018-01-06 13:26:34.246] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.FilterChainProxy: /item at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
185[2018-01-06 13:26:34.246] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.h.w.HstsHeaderWriter: Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@750df039
186[2018-01-06 13:26:34.246] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.FilterChainProxy: /item at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
187[2018-01-06 13:26:34.246] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.OrRequestMatcher: Trying to match using Ant [pattern='/logout', GET]
188[2018-01-06 13:26:34.246] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.AntPathRequestMatcher: Checking match of request : '/item'; against '/logout'
189[2018-01-06 13:26:34.246] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.OrRequestMatcher: Trying to match using Ant [pattern='/logout', POST]
190[2018-01-06 13:26:34.246] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.AntPathRequestMatcher: Request 'GET /item' doesn't match 'POST /logout
191[2018-01-06 13:26:34.246] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.OrRequestMatcher: Trying to match using Ant [pattern='/logout', PUT]
192[2018-01-06 13:26:34.246] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.AntPathRequestMatcher: Request 'GET /item' doesn't match 'PUT /logout
193[2018-01-06 13:26:34.246] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.OrRequestMatcher: Trying to match using Ant [pattern='/logout', DELETE]
194[2018-01-06 13:26:34.246] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.AntPathRequestMatcher: Request 'GET /item' doesn't match 'DELETE /logout
195[2018-01-06 13:26:34.246] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.OrRequestMatcher: No matches found
196[2018-01-06 13:26:34.247] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.FilterChainProxy: /item at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
197[2018-01-06 13:26:34.247] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.o.p.a.BearerTokenExtractor: Token not found in headers. Trying request parameters.
198[2018-01-06 13:26:34.247] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.o.p.a.BearerTokenExtractor: Token not found in request parameters. Not an OAuth2 request.
199[2018-01-06 13:26:34.247] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.o.p.a.OAuth2AuthenticationProcessingFilter: No token in request, will continue chain.
200[2018-01-06 13:26:34.247] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.FilterChainProxy: /item at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
201[2018-01-06 13:26:34.247] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.FilterChainProxy: /item at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
202[2018-01-06 13:26:34.247] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.FilterChainProxy: /item at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
203[2018-01-06 13:26:34.248] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.a.AnonymousAuthenticationFilter: Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
204[2018-01-06 13:26:34.248] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.FilterChainProxy: /item at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
205[2018-01-06 13:26:34.248] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.FilterChainProxy: /item at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
206[2018-01-06 13:26:34.248] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.FilterChainProxy: /item at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
207[2018-01-06 13:26:34.248] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.AntPathRequestMatcher: Checking match of request : '/item'; against '/css/**'
208[2018-01-06 13:26:34.248] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.AntPathRequestMatcher: Checking match of request : '/item'; against '/index'
209[2018-01-06 13:26:34.248] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.AntPathRequestMatcher: Checking match of request : '/item'; against '/hello'
210[2018-01-06 13:26:34.248] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.u.m.AntPathRequestMatcher: Checking match of request : '/item'; against '/item/**'
211[2018-01-06 13:26:34.248] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.a.i.FilterSecurityInterceptor: Secure object: FilterInvocation: URL: /item; Attributes: [#oauth2.throwOnError(#oauth2.clientHasRole('USER'))]
212[2018-01-06 13:26:34.249] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.a.i.FilterSecurityInterceptor: Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
213[2018-01-06 13:26:34.253] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.a.v.AffirmativeBased: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5ad8f59c, returned: -1
214[2018-01-06 13:26:34.261] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.a.ExceptionTranslationFilter: Access is denied (user is anonymous); redirecting to authentication entry point
215org.springframework.security.access.AccessDeniedException: Access is denied
216 at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
217 at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
218 at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
219 at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
220 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
221 at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
222 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
223 at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
224 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
225 at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
226 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
227 at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
228 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
229 at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
230 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
231 at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(OAuth2AuthenticationProcessingFilter.java:176)
232 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
233 at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
234 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
235 at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
236 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
237 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
238 at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
239 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
240 at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
241 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
242 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
243 at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
244 at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
245 at org.springframework.security.web.debug.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:90)
246 at org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:77)
247 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
248 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
249 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
250 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
251 at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
252 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
253 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
254 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
255 at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)
256 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
257 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
258 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
259 at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
260 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
261 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
262 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
263 at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
264 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
265 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
266 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
267 at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106)
268 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
269 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
270 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
271 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
272 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
273 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
274 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
275 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
276 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
277 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
278 at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
279 at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
280 at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
281 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
282 at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
283 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
284 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
285 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
286 at java.lang.Thread.run(Thread.java:745)
287[2018-01-06 13:26:34.262] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.a.ExceptionTranslationFilter: Calling Authentication entry point.
288[2018-01-06 13:26:34.275] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.o.p.e.DefaultOAuth2ExceptionRenderer: Written [error="unauthorized", error_description="Full authentication is required to access this resource"] as "application/json;charset=UTF-8" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@507801f7]
289[2018-01-06 13:26:34.276] - 46369 DEBUG [http-nio-8080-exec-2] --- o.s.s.w.c.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed