Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- @RequestMapping(method = RequestMethod.POST)
- @ResponseStatus(value = HttpStatus.OK)
- public ResponseEntity<?> auth(FormData formData, HttpServletRequest req, HttpServletResponse resp) {
- System.out.println("11111111111111 inside POST");
- HttpHeaders responseHeaders = new HttpHeaders();
- boolean passedTheTest = true;//ACTUAL LOGIC IS OMITTED HERE FOR SIMPLICITY
- if (passedTheTest) {
- //SOME OFF TOPIC LOGIC HERE IS OMITTED
- CsrfToken csrf = (CsrfToken) req.getAttribute(CsrfToken.class.getName());
- String updateCsrf = csrf.getToken();
- responseHeaders.set("XSRF-TOKEN", updateCsrf);
- if(resp.getHeaders("Cache-Control")!=null){responseHeaders.put("Cache-Control" , new ArrayList<String>(resp.getHeaders("Cache-Control")));}
- if(resp.getHeader("Content-Language")!=null){responseHeaders.set("Content-Language" , resp.getHeader("Content-Language"));}
- if(resp.getHeader("Content-Length")!=null){responseHeaders.set("Content-Length" , resp.getHeader("Content-Length"));}
- if(resp.getHeader("Date")!=null){responseHeaders.set("Date" , resp.getHeader("Date"));}
- if(resp.getHeader("Expires")!=null){responseHeaders.set("Expires" , resp.getHeader("Expires"));}
- if(resp.getHeader("Pragma")!=null){responseHeaders.set("Pragma" , resp.getHeader("Pragma"));}
- if(resp.getHeader("Server")!=null){responseHeaders.set("Server" , resp.getHeader("Server"));}
- if(resp.getHeader("X-Application-Context")!=null){responseHeaders.set("X-Application-Context" , resp.getHeader("X-Application-Context"));}
- if(resp.getHeader("X-Frame-Options")!=null){responseHeaders.set("X-Frame-Options" , resp.getHeader("X-Frame-Options"));}
- if(resp.getHeader("X-XSS-Protection")!=null){responseHeaders.set("X-XSS-Protection" , resp.getHeader("X-XSS-Protection"));}
- if(resp.getHeader("x-content-type-options")!=null){responseHeaders.set("x-content-type-options" , resp.getHeader("x-content-type-options"));}
- if(req.getSession().getAttribute("forwardTo")!=null){
- String redirectTo = getValidUriFromAnotherFunction();
- try {
- URI location = new URI(redirectTo);
- responseHeaders.setLocation(location);
- } catch (URISyntaxException e) {e.printStackTrace();}
- ResponseEntity<Void> forwardResponseEntity = new ResponseEntity<Void>(responseHeaders, HttpStatus.CREATED);
- return forwardResponseEntity;
- }
- };
- return new ResponseEntity<String>("aDifferentViewTemplateName", responseHeaders, HttpStatus.CREATED);
- }
- Host: localhost:7777
- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.5
- Accept-Encoding: gzip, deflate
- Referer: http://localhost:7777/path/to/controller_method
- Cookie: JSESSIONID=911B34457B69F7729091DD97A160AD79; JSESSIONID=95AA730306330CF15E3776C495807354; XSRF-TOKEN=04ae2a0c-3c58-4e85-88bd-3818bb10402a
- Connection: keep-alive
- Cache-Control: no-cache, no-store, max-age=0, must-revalidate, no-cache, no-store, max-age=0, must-revalidate
- Content-Length: 0
- Date: Sun, 29 May 2016 21:48:24 GMT
- Expires: 0, 0
- Location: http://localhost:7777/path/to/forward_destination?long_querystring
- Pragma: no-cache, no-cache
- Server: Apache-Coyote/1.1
- X-Application-Context: application:7777, application:7777
- X-Content-Type-Options: nosniff, nosniff
- X-Frame-Options: DENY, DENY
- X-XSS-Protection: 1; mode=block, 1; mode=block
- XSRF-TOKEN: 04ae2a0c-3c58-4e85-88bd-3818bb10402a
- 2016-05-29 14:48:24.464 DEBUG 5533 --- [io-7777-exec-10] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/css/**']
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/to/controller_method'; against '/css/**'
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/js/**']
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/to/controller_method'; against '/js/**'
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/images/**']
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/to/controller_method'; against '/images/**'
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/**/favicon.ico']
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/to/controller_method'; against '/**/favicon.ico'
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/error']
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/to/controller_method'; against '/error'
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/to/controller_method'; against '/greeting'
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.security.web.FilterChainProxy : /to/controller_method at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.security.web.FilterChainProxy : /to/controller_method at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] w.c.HttpSessionSecurityContextRepository : Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@4b2636b9: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@4b2636b9: Principal: org.springframework.security.core.userdetails.User@40fecce: Username: SomeUser; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ONE,ROLE_TWO; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: 02A95844E8A829868542290D471503F5; Granted Authorities: ROLE_ONE, ROLE_TWO'
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.security.web.FilterChainProxy : /to/controller_method at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@6093410f
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.security.web.FilterChainProxy : /to/controller_method at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.security.web.FilterChainProxy : /to/controller_method at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
- 2016-05-29 14:48:24.465 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/to/controller_method'; against '/logout'
- 2016-05-29 14:48:24.468 DEBUG 5533 --- [io-7777-exec-10] o.s.security.web.FilterChainProxy : /to/controller_method at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
- 2016-05-29 14:48:24.468 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/to/controller_method'; against '/login'
- 2016-05-29 14:48:24.468 DEBUG 5533 --- [io-7777-exec-10] o.s.security.web.FilterChainProxy : /to/controller_method at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
- 2016-05-29 14:48:24.468 DEBUG 5533 --- [io-7777-exec-10] o.s.security.web.FilterChainProxy : /to/controller_method at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
- 2016-05-29 14:48:24.468 DEBUG 5533 --- [io-7777-exec-10] o.s.security.web.FilterChainProxy : /to/controller_method at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
- 2016-05-29 14:48:24.469 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.a.AnonymousAuthenticationFilter : SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@4b2636b9: Principal: org.springframework.security.core.userdetails.User@40fecce: Username: SomeUser; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ONE,ROLE_TWO; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: 02A95844E8A829868542290D471503F5; Granted Authorities: ROLE_ONE, ROLE_TWO'
- 2016-05-29 14:48:24.469 DEBUG 5533 --- [io-7777-exec-10] o.s.security.web.FilterChainProxy : /to/controller_method at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
- 2016-05-29 14:48:24.469 DEBUG 5533 --- [io-7777-exec-10] o.s.security.web.FilterChainProxy : /to/controller_method at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
- 2016-05-29 14:48:24.469 DEBUG 5533 --- [io-7777-exec-10] o.s.security.web.FilterChainProxy : /to/controller_method at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
- 2016-05-29 14:48:24.469 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/to/controller_method'; against '/to/forward_destination'
- 2016-05-29 14:48:24.469 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/to/controller_method'; against '/to/controller_method'
- 2016-05-29 14:48:24.469 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /to/controller_method; Attributes: [permitAll]
- 2016-05-29 14:48:24.469 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@4b2636b9: Principal: org.springframework.security.core.userdetails.User@40fecce: Username: SomeUser; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ONE,ROLE_TWO; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: 02A95844E8A829868542290D471503F5; Granted Authorities: ROLE_ONE, ROLE_TWO
- 2016-05-29 14:48:24.469 DEBUG 5533 --- [io-7777-exec-10] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2cbb978a, returned: 1
- 2016-05-29 14:48:24.469 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
- 2016-05-29 14:48:24.469 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
- 2016-05-29 14:48:24.469 DEBUG 5533 --- [io-7777-exec-10] o.s.security.web.FilterChainProxy : /to/controller_method reached end of additional filter chain; proceeding with original chain
- 11111111111111 inside POST
- redirectTo is: http://localhost:7777/path/to/forward_destination?long_querystring
- 2016-05-29 14:48:24.489 DEBUG 5533 --- [io-7777-exec-10] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
- 2016-05-29 14:48:24.489 DEBUG 5533 --- [io-7777-exec-10] w.c.HttpSessionSecurityContextRepository : SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@42259e42: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@42259e42: Principal: org.springframework.security.core.userdetails.User@40fecce: Username: SomeUser; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ONE,ROLE_TWO; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: 02A95844E8A829868542290D471503F5; Granted Authorities: ROLE_ONE, ROLE_TWO, ROLE_THREE' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade@64307ead
- 2016-05-29 14:48:24.489 DEBUG 5533 --- [io-7777-exec-10] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement