These are chat archives for spring-cloud/spring-cloud

7th
Jan 2015
Dave Syer
@dsyer
Jan 07 2015 07:56
I haven't noticed that. Do you have some steps to reproduce (e.g. using one of the sample apps)?
William Gorder
@wgorder
Jan 07 2015 20:24
I can give that a shot
Do you happen to know anything in the spring-cloud stuff that sets security ant matchers?
I am getting this.
2015-01-07 15:20:20.256 DEBUG 59991 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : / at position 12 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-01-07 15:20:20.256 DEBUG 59991 --- [nio-8080-exec-1] o.s.s.w.session.SessionManagementFilter : Requested session ID 4f2dc24f-93c8-4b28-8b84-2a7f6147ecef is invalid.
2015-01-07 15:20:20.256 DEBUG 59991 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : / at position 13 of 14 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-01-07 15:20:20.256 DEBUG 59991 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : / at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-01-07 15:20:20.257 DEBUG 59991 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /; Attributes: [authenticated]
although on start-up it clearly is set to permit all
2015-01-07 15:20:08.247 DEBUG 59991 --- [ost-startStop-1] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'permitAll', for Ant [pattern='/logout']
2015-01-07 15:20:08.247 DEBUG 59991 --- [ost-startStop-1] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'permitAll', for org.springframework.security.config.annotation.web.configurers.PermitAllSupport$ExactUrlRequestMatcher@888d14
2015-01-07 15:20:08.247 DEBUG 59991 --- [ost-startStop-1] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'permitAll', for Ant [pattern='/']
2015-01-07 15:20:08.247 DEBUG 59991 --- [ost-startStop-1] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'permitAll', for Ant [pattern='/']
2015-01-07 15:20:08.248 DEBUG 59991 --- [ost-startStop-1] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'authenticated', for org.springframework.security.web.util.matcher.AnyRequestMatcher@1
2015-01-07 15:20:08.248 DEBUG 59991 --- [ost-startStop-1] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'permitAll', for Ant [pattern='/
/*']
2015-01-07 15:20:08.248 DEBUG 59991 --- [ost-startStop-1] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'permitAll', for Ant [pattern='/login']
William Gorder
@wgorder
Jan 07 2015 20:31
It looks like the authenticate all is getting set by something right after all the actuator, health, hystrix, routes etc endpoints. Maybe that is matching before my permit all since order matters.
William Gorder
@wgorder
Jan 07 2015 20:49
Looks like I had a configure(WebSecurity web) in another configuration file that was adding it.