Affects: Springboot 3.2.0
I am currently using Spring Security. However, when accessing the admin page, the error log written below occurs and 404 Not Found error occurs for all pages. May I know what's causing this?
Error Log
WARN 9473 --- [nio-8080-exec-1] o.s.w.s.h.HandlerMappingIntrospector : Cache miss for REQUEST dispatch to '/admin' (previous null). Performing CorsConfiguration lookup. This is logged once only at WARN level, and every time at TRACE.
WARN 9473 --- [nio-8080-exec-1] o.s.w.s.h.HandlerMappingIntrospector : Cache miss for REQUEST dispatch to '/admin' (previous null). Performing MatchableHandlerMapping lookup. This is logged once only at WARN level, and every time at TRACE.
ScreenShot
SecurityConfig
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests((authorize) -> authorize
.requestMatchers("/admin/**").authenticated()
.anyRequest().permitAll())
.formLogin(Customizer.withDefaults())
.httpBasic(Customizer.withDefaults())
.csrf(AbstractHttpConfigurer::disable);
return http.build();
}
}
Comment From: bclozel
The error log is related to https://github.com/spring-projects/spring-security/issues/14128.
The 404 issue is completely independent. Is there a controller mapped at this endpoint? Can you share a minimal sample that demonstrates this?
Comment From: PgmJun
The 404 issue is completely independent. Is there a controller mapped at this endpoint? Can you share a minimal sample that demonstrates this?
sure! this is controller code.
Controller
@Controller
@RequiredArgsConstructor(access = AccessLevel.PROTECTED)
public class ApplicantController {
private final ApplicantService applicantService;
@GetMapping("/admin")
public String moveAdminPage(Model model) {
model.addAttribute("applicants", applicantService.findAllApplicantInfo());
return "admin";
}
Comment From: PgmJun
The error log is related to spring-projects/spring-security#14128.
thank you😃
Comment From: bclozel
This code snippet should work, there might be a problem somewhere else. Can you share a sample project?
Comment From: PgmJun
This code snippet should work, there might be a problem somewhere else. Can you share a sample project?
I'll leave a link to the git repository!
https://github.com/20-Testers/reviewerRecruiter-Server
Comment From: bclozel
404 error is expected, I'm not seeing any controller in the project.
Comment From: PgmJun
404 error is expected, I'm not seeing any controller in the project.
oh I'm really sorry.. i was implementing a feature in the feat/#1 branch, not the main branch. I forgot to explan this.
Comment From: bclozel
I can't reproduce the problem. Running with a the "local" profile and accessing http://localhost:8080/admin (after entering credentials) works for me.
Comment From: PgmJun
I can't reproduce the problem. Running with a the "local" profile and accessing
http://localhost:8080/admin(after entering credentials) works for me.
To explain this problem in more detail, Problems occurred when the spring boot application was restarted without closing the browser that accessed the 'http://localhost:8080/admin' url.
Comment From: bclozel
Sorry but I can't spend more time on this. We use this issue tracker for enhancement requests and bug reports. It seems you're describing the fact that the authentication session is not persisted between app restarts. There are projects dedicated to solving that, like Spring Session. For further questions, please use StackOverflow.