I created a microservice project that consist of a few services. In one of these services, I added an HTTP Filter to get user id in the request header that comes from API gateway. But after adding this filter, the application gives 404 not found error. But whenever I put a breakpoint to the target endpoint, I can see the request comes sucessfully but gives 404-not found.
For 2 days, I've tried to find a solution but nothing did work. Do you have any idea why this eror occures?
My web security config
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private HttpFilter httpFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/**")
.permitAll()
.anyRequest()
.authenticated();
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(httpFilter, UsernamePasswordAuthenticationFilter.class);
}
}
HttpFilter class
@Component
public class HttpFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
String userId = request.getHeader("x-auth-user-id");
if(userId !=null){
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
userId,null,null
);
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
}
filterChain.doFilter(request,response);
}
}
LOGS
2022-04-01 00:39:49.734 DEBUG 6384 --- [nio-8080-exec-2] o.a.t.util.http.Rfc6265CookieProcessor : Cookies: Parsing b[]: JSESSIONID=F04A8A4650623E59586BA5D0B3AFFB78
2022-04-01 00:39:49.734 DEBUG 6384 --- [nio-8080-exec-2] o.a.catalina.connector.CoyoteAdapter : Requested cookie session id is F04A8A4650623E59586BA5D0B3AFFB78
2022-04-01 00:39:49.735 DEBUG 6384 --- [nio-8080-exec-2] o.a.c.authenticator.AuthenticatorBase : Security checking request GET /api/message/getAll
2022-04-01 00:39:49.735 DEBUG 6384 --- [nio-8080-exec-2] org.apache.catalina.realm.RealmBase : No applicable constraints defined
2022-04-01 00:39:49.735 DEBUG 6384 --- [nio-8080-exec-2] o.a.c.authenticator.AuthenticatorBase : Not subject to any constraint
2022-04-01 00:39:49.735 DEBUG 6384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Securing GET /api/message/getAll
2022-04-01 00:39:49.735 DEBUG 6384 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=1, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]]]
2022-04-01 00:39:49.735 DEBUG 6384 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=1, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]]]
2022-04-01 00:39:49.736 DEBUG 6384 --- [nio-8080-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Authorized filter invocation [GET /api/message/getAll] with attributes [permitAll]
2022-04-01 00:39:49.736 DEBUG 6384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Secured GET /api/message/getAll
2022-04-01 00:39:49.737 DEBUG 6384 --- [nio-8080-exec-2] org.apache.tomcat.util.http.Parameters : Set encoding to UTF-8
2022-04-01 00:39:49.737 DEBUG 6384 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : GET "/api/message/getAll", parameters={}
2022-04-01 00:39:49.737 DEBUG 6384 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.speakiv.socialservice.api.MessageApi#getAll()
2022-04-01 00:39:49.737 DEBUG 6384 --- [nio-8080-exec-2] o.j.s.OpenEntityManagerInViewInterceptor : Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2022-04-01 00:39:49.738 DEBUG 6384 --- [nio-8080-exec-2] o.s.orm.jpa.JpaTransactionManager : Found thread-bound EntityManager [SessionImpl(494638892<open>)] for JPA transaction
2022-04-01 00:39:49.739 DEBUG 6384 --- [nio-8080-exec-2] o.s.orm.jpa.JpaTransactionManager : Creating new transaction with name [org.springframework.data.jpa.repository.support.SimpleJpaRepository.findAll]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT,readOnly
2022-04-01 00:39:49.747 DEBUG 6384 --- [nio-8080-exec-2] o.s.jdbc.datasource.DataSourceUtils : Setting JDBC Connection [HikariProxyConnection@1484327655 wrapping com.mysql.cj.jdbc.ConnectionImpl@47fa3671] read-only
2022-04-01 00:39:49.751 DEBUG 6384 --- [nio-8080-exec-2] o.h.e.t.internal.TransactionImpl : On TransactionImpl creation, JpaCompliance#isJpaTransactionComplianceEnabled == false
2022-04-01 00:39:49.751 DEBUG 6384 --- [nio-8080-exec-2] o.h.e.t.internal.TransactionImpl : begin
2022-04-01 00:39:49.753 DEBUG 6384 --- [nio-8080-exec-2] o.s.orm.jpa.JpaTransactionManager : Exposing JPA transaction as JDBC [org.springframework.orm.jpa.vendor.HibernateJpaDialect$HibernateConnectionHandle@50106ca8]
2022-04-01 00:39:49.753 DEBUG 6384 --- [nio-8080-exec-2] o.h.q.c.internal.CriteriaQueryImpl : Rendered criteria query -> select generatedAlias0 from UserMessage as generatedAlias0
2022-04-01 00:39:49.754 DEBUG 6384 --- [nio-8080-exec-2] org.hibernate.SQL : select usermessag0_.id as id1_5_, usermessag0_.date as date2_5_, usermessag0_.message as message3_5_, usermessag0_.receiver_id as receiver4_5_, usermessag0_.sender_id as sender_i5_5_ from user_messages usermessag0_
2022-04-01 00:39:49.760 DEBUG 6384 --- [nio-8080-exec-2] org.hibernate.loader.Loader : Result set row: 0
2022-04-01 00:39:49.760 DEBUG 6384 --- [nio-8080-exec-2] org.hibernate.loader.Loader : Result row: EntityKey[com.speakiv.socialservice.model.entity.UserMessage#1]
2022-04-01 00:39:49.765 DEBUG 6384 --- [nio-8080-exec-2] o.h.engine.internal.TwoPhaseLoad : Resolving attributes for [com.speakiv.socialservice.model.entity.UserMessage#1]
2022-04-01 00:39:49.765 DEBUG 6384 --- [nio-8080-exec-2] o.h.engine.internal.TwoPhaseLoad : Processing attribute `date` : value = 2022-03-28 13:46:10.319
2022-04-01 00:39:49.765 DEBUG 6384 --- [nio-8080-exec-2] o.h.engine.internal.TwoPhaseLoad : Attribute (`date`) - enhanced for lazy-loading? - false
2022-04-01 00:39:49.765 DEBUG 6384 --- [nio-8080-exec-2] o.h.engine.internal.TwoPhaseLoad : Processing attribute `message` : value = Hello world
2022-04-01 00:39:49.765 DEBUG 6384 --- [nio-8080-exec-2] o.h.engine.internal.TwoPhaseLoad : Attribute (`message`) - enhanced for lazy-loading? - false
2022-04-01 00:39:49.765 DEBUG 6384 --- [nio-8080-exec-2] o.h.engine.internal.TwoPhaseLoad : Processing attribute `receiverId` : value = 1
2022-04-01 00:39:49.765 DEBUG 6384 --- [nio-8080-exec-2] o.h.engine.internal.TwoPhaseLoad : Attribute (`receiverId`) - enhanced for lazy-loading? - false
2022-04-01 00:39:49.765 DEBUG 6384 --- [nio-8080-exec-2] o.h.engine.internal.TwoPhaseLoad : Processing attribute `senderId` : value = 1
2022-04-01 00:39:49.765 DEBUG 6384 --- [nio-8080-exec-2] o.h.engine.internal.TwoPhaseLoad : Attribute (`senderId`) - enhanced for lazy-loading? - false
2022-04-01 00:39:49.766 DEBUG 6384 --- [nio-8080-exec-2] o.h.engine.internal.TwoPhaseLoad : Done materializing entity [com.speakiv.socialservice.model.entity.UserMessage#1]
2022-04-01 00:39:49.766 DEBUG 6384 --- [nio-8080-exec-2] o.h.engine.internal.TwoPhaseLoad : Resolving attributes for [com.speakiv.socialservice.model.entity.UserMessage#2]
2022-04-01 00:39:49.766 DEBUG 6384 --- [nio-8080-exec-2] o.h.engine.internal.TwoPhaseLoad : Processing attribute `date` : value = 2022-03-28 13:46:25.956
2022-04-01 00:39:49.769 DEBUG 6384 --- [nio-8080-exec-2] o.h.engine.internal.TwoPhaseLoad : Done materializing entity [com.speakiv.socialservice.model.entity.UserMessage#13]
2022-04-01 00:39:49.769 DEBUG 6384 --- [nio-8080-exec-2] o.s.orm.jpa.JpaTransactionManager : Initiating transaction commit
2022-04-01 00:39:49.769 DEBUG 6384 --- [nio-8080-exec-2] o.s.orm.jpa.JpaTransactionManager : Committing JPA transaction on EntityManager [SessionImpl(494638892<open>)]
2022-04-01 00:39:49.769 DEBUG 6384 --- [nio-8080-exec-2] o.h.e.t.internal.TransactionImpl : committing
2022-04-01 00:39:49.777 DEBUG 6384 --- [nio-8080-exec-2] o.s.jdbc.datasource.DataSourceUtils : Resetting read-only flag of JDBC Connection [HikariProxyConnection@1484327655 wrapping com.mysql.cj.jdbc.ConnectionImpl@47fa3671]
2022-04-01 00:39:49.780 DEBUG 6384 --- [nio-8080-exec-2] o.s.orm.jpa.JpaTransactionManager : Not closing pre-bound JPA EntityManager after transaction
2022-04-01 00:39:49.781 DEBUG 6384 --- [nio-8080-exec-2] o.s.w.s.v.ContentNegotiatingViewResolver : Selected '*/*' given [*/*]
2022-04-01 00:39:49.781 DEBUG 6384 --- [nio-8080-exec-2] o.s.w.servlet.view.InternalResourceView : View name 'api/message/getAll', model {dataResponse=com.speakiv.speakivcore.model.response.SuccessDataResponse@3d2c9c93, org.springframework.validation.BindingResult.dataResponse=org.springframework.validation.BeanPropertyBindingResult: 0 errors}
2022-04-01 00:39:49.781 DEBUG 6384 --- [nio-8080-exec-2] o.s.w.servlet.view.InternalResourceView : Forwarding to [api/message/getAll]
2022-04-01 00:39:49.782 DEBUG 6384 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : "FORWARD" dispatch for GET "/api/message/api/message/getAll", parameters={}
2022-04-01 00:39:49.782 DEBUG 6384 --- [nio-8080-exec-2] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [Classpath [META-INF/resources/], Classpath [resources/], Classpath [static/], Classpath [public/], ServletContext [/]]
2022-04-01 00:39:49.787 DEBUG 6384 --- [nio-8080-exec-2] o.s.w.s.r.ResourceHttpRequestHandler : Resource not found
2022-04-01 00:39:49.787 DEBUG 6384 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=1, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade@11a677b0]
2022-04-01 00:39:49.787 DEBUG 6384 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : Exiting from "FORWARD" dispatch, status 404
2022-04-01 00:39:49.788 DEBUG 6384 --- [nio-8080-exec-2] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Disabling the response for further output
2022-04-01 00:39:49.788 DEBUG 6384 --- [nio-8080-exec-2] o.a.c.c.C.[.[.[/].[dispatcherServlet] : The Response is vehiculed using a wrapper: org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterResponse
2022-04-01 00:39:49.789 DEBUG 6384 --- [nio-8080-exec-2] o.j.s.OpenEntityManagerInViewInterceptor : Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
2022-04-01 00:39:49.789 DEBUG 6384 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : Completed 404 NOT_FOUND
2022-04-01 00:39:49.790 DEBUG 6384 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=1, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade@11a677b0]
2022-04-01 00:39:49.790 DEBUG 6384 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-04-01 00:39:49.790 DEBUG 6384 --- [nio-8080-exec-2] o.a.c.c.C.[Tomcat].[localhost] : Processing ErrorPage[errorCode=0, location=/error]
2022-04-01 00:39:49.791 DEBUG 6384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Securing GET /error
2022-04-01 00:39:49.792 DEBUG 6384 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=1, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]]]
2022-04-01 00:39:49.792 DEBUG 6384 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=1, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]]]
2022-04-01 00:39:49.792 DEBUG 6384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Secured GET /error
2022-04-01 00:39:49.793 DEBUG 6384 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for GET "/error", parameters={}
2022-04-01 00:39:49.793 DEBUG 6384 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)
2022-04-01 00:39:49.793 DEBUG 6384 --- [nio-8080-exec-2] o.j.s.OpenEntityManagerInViewInterceptor : Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2022-04-01 00:39:49.795 DEBUG 6384 --- [nio-8080-exec-2] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Using 'application/json', given [*/*] and supported [application/json, application/* json, application/json, application/* json]
2022-04-01 00:39:49.795 DEBUG 6384 --- [nio-8080-exec-2] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Writing [{timestamp=Fri Apr 01 00:39:49 EET 2022, status=404, error=Not Found, path=/api/message/getAll}]
2022-04-01 00:39:49.796 DEBUG 6384 --- [nio-8080-exec-2] o.j.s.OpenEntityManagerInViewInterceptor : Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
2022-04-01 00:39:49.797 DEBUG 6384 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 404
2022-04-01 00:39:49.798 DEBUG 6384 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-04-01 00:39:49.798 DEBUG 6384 --- [nio-8080-exec-2] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Disabling the response for further output
2022-04-01 00:39:49.799 DEBUG 6384 --- [nio-8080-exec-2] o.a.coyote.http11.Http11InputBuffer : Before fill(): parsingHeader: [true], parsingRequestLine: [true], parsingRequestLinePhase: [0], parsingRequestLineStart: [0], byteBuffer.position(): [0], byteBuffer.limit(): [0], end: [678]
2022-04-01 00:39:49.799 DEBUG 6384 --- [nio-8080-exec-2] o.a.tomcat.util.net.SocketWrapperBase : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@2efc81a4:org.apache.tomcat.util.net.NioChannel@4fd730ea:java.nio.channels.SocketChannel[connected local=/192.168.1.110:8080 remote=/192.168.1.110:52685]], Read from buffer: [0]
2022-04-01 00:39:49.799 DEBUG 6384 --- [nio-8080-exec-2] org.apache.tomcat.util.net.NioEndpoint : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@2efc81a4:org.apache.tomcat.util.net.NioChannel@4fd730ea:java.nio.channels.SocketChannel[connected local=/192.168.1.110:8080 remote=/192.168.1.110:52685]], Read direct from socket: [0]
2022-04-01 00:39:49.799 DEBUG 6384 --- [nio-8080-exec-2] o.a.coyote.http11.Http11InputBuffer : Received []
2022-04-01 00:39:49.799 DEBUG 6384 --- [nio-8080-exec-2] o.apache.coyote.http11.Http11Processor : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@2efc81a4:org.apache.tomcat.util.net.NioChannel@4fd730ea:java.nio.channels.SocketChannel[connected local=/192.168.1.110:8080 remote=/192.168.1.110:52685]], Status in: [OPEN_READ], State out: [OPEN]
2022-04-01 00:39:49.800 DEBUG 6384 --- [nio-8080-exec-2] org.apache.tomcat.util.net.NioEndpoint : Registered read interest for [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@2efc81a4:org.apache.tomcat.util.net.NioChannel@4fd730ea:java.nio.channels.SocketChannel[connected local=/192.168.1.110:8080 remote=/192.168.1.110:52685]]
After implementing WebSecurityConfigurerAdapter class, I've faced this issue. But I tried to get current user id from request header and adding this user id in to SecurityContextHolder to access current user's id. Where am I wrong? do you have any idea?
CodePudding user response:
I solved the issue. That is my mistake. I forgot to return ResponseEntity as the response. After returning ResponseEntity, the problem is solved...