Problems in login with openId


#1

Hello,

We have just configured Shinyproxy in order to login using openId. Our application.yml file looks like this:
proxy:
title: Open Analytics Shiny Proxy
landing-page: /
heartbeat-rate: 10000
heartbeat-timeout: 60000
port: 8080
authentication: openid

‘openid’ authentication configuration

openid:
auth-url: https//login.platform.absapp.net/auth
token-url: https//login.platform.absapp.net/token_oidc
jwks-url: https//platform.absapp.net/certs
client-id: ****
client-secret: ****

Docker configuration

docker:
cert-path: /home/none
url: http//localhost:2375
port-range-start: 20000
specs:

  • id: cmb
    display-name: Cuadro de mando
    description: Maqueta de pruebas del cuadro de mandos
    contaniner-cmd: [“R”, “-e”,“shiny::runApp(’/root/cmb’)”]
    container-image: openanalytics/shinyproxy-template-cmb

logging:
level:
org.springframework.security: debug
file:
shinyproxy.log

We can’t get no login, the process is endlessly requesting autentication unsuccessfuly.
We are new at Shinyproxy, any help would be apreciated.

Thanks a lot.

2019-03-27 15:41:10.954 INFO 6287 — [main] e.o.c.ContainerProxyApplication : Starting ContainerProxyApplication v0.8.0 on worker with PID 6287 (/home/david.sola/shinyproxy/shinyproxy-2.2.0.jar started by root in /home/david.sola/shinyproxy)
2019-03-27 15:41:10.960 INFO 6287 — [main] e.o.c.ContainerProxyApplication : No active profile set, falling back to default profiles: default
2019-03-27 15:41:11.064 INFO 6287 — [main] ConfigServletWebServerApplicationContext : Refreshing org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@27a5f880: startup date [Wed Mar 27 15:41:11 CET 2019]; root of context hierarchy
2019-03-27 15:41:13.505 INFO 6287 — [main] f.a.AutowiredAnnotationBeanPostProcessor : JSR-330 ‘javax.inject.Inject’ annotation found and supported for autowiring
2019-03-27 15:41:14.887 INFO 6287 — [main] org.xnio : XNIO version 3.3.8.Final
2019-03-27 15:41:14.909 INFO 6287 — [main] org.xnio.nio : XNIO NIO Implementation Version 3.3.8.Final
2019-03-27 15:41:15.035 WARN 6287 — [main] io.undertow.websockets.jsr : UT026009: XNIO worker was not set on WebSocketDeploymentInfo, the default worker will be used
2019-03-27 15:41:15.036 WARN 6287 — [main] io.undertow.websockets.jsr : UT026010: Buffer pool was not set on WebSocketDeploymentInfo, the default pool will be used
2019-03-27 15:41:15.071 INFO 6287 — [main] io.undertow.servlet : Initializing Spring embedded WebApplicationContext
2019-03-27 15:41:15.072 INFO 6287 — [main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 4009 ms
2019-03-27 15:41:15.335 INFO 6287 — [main] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: ‘characterEncodingFilter’ to: [/]
2019-03-27 15:41:15.337 INFO 6287 — [main] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: ‘hiddenHttpMethodFilter’ to: [/
]
2019-03-27 15:41:15.338 INFO 6287 — [main] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: ‘httpPutFormContentFilter’ to: [/]
2019-03-27 15:41:15.340 INFO 6287 — [main] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: ‘requestContextFilter’ to: [/
]
2019-03-27 15:41:15.341 INFO 6287 — [main] .s.DelegatingFilterProxyRegistrationBean : Mapping filter: ‘springSecurityFilterChain’ to: [/]
2019-03-27 15:41:15.342 INFO 6287 — [main] o.s.b.w.servlet.ServletRegistrationBean : Servlet dispatcherServlet mapped to [/]
2019-03-27 15:41:15.898 INFO 6287 — [main] e.o.c.stat.StatCollectorRegistry : Disabled. Usage statistics will not be processed.
2019-03-27 15:41:15.952 WARN 6287 — [main] org.thymeleaf.templatemode.TemplateMode : [THYMELEAF][main] Template Mode ‘HTML5’ is deprecated. Using Template Mode ‘HTML’ instead.
2019-03-27 15:41:16.093 DEBUG 6287 — [main] eGlobalAuthenticationAutowiredConfigurer : Eagerly initializing {webSecurityConfig=eu.openanalytics.containerproxy.security.WebSecurityConfig$$EnhancerBySpringCGLIB$$b8868d38@239a307b}
2019-03-27 15:41:16.097 DEBUG 6287 — [main] swordEncoderAuthenticationManagerBuilder : No authenticationProviders and no parentAuthenticationManager defined. Returning null.
2019-03-27 15:41:16.193 INFO 6287 — [main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern=’/css/’], []
2019-03-27 15:41:16.194 INFO 6287 — [main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern=’/img/
’], []
2019-03-27 15:41:16.194 INFO 6287 — [main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern=’/js/’], []
2019-03-27 15:41:16.195 INFO 6287 — [main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern=’/assets/
’], []
2019-03-27 15:41:16.195 INFO 6287 — [main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern=’/webjars/’], []
2019-03-27 15:41:16.335 DEBUG 6287 — [main] edFilterInvocationSecurityMetadataSource : Adding web access control expression ‘hasAnyRole(‘ROLE_’)’, for Ant [pattern=’/admin’]
2019-03-27 15:41:16.338 DEBUG 6287 — [main] edFilterInvocationSecurityMetadataSource : Adding web access control expression ‘permitAll’, for Ant [pattern=’/login’]
2019-03-27 15:41:16.340 DEBUG 6287 — [main] edFilterInvocationSecurityMetadataSource : Adding web access control expression ‘permitAll’, for Ant [pattern=’/signin/
’]
2019-03-27 15:41:16.340 DEBUG 6287 — [main] edFilterInvocationSecurityMetadataSource : Adding web access control expression ‘authenticated’, for org.springframework.security.web.util.matcher.AnyRequestMatcher@1
2019-03-27 15:41:16.353 DEBUG 6287 — [main] o.s.s.w.a.i.FilterSecurityInterceptor : Validated configuration attributes
2019-03-27 15:41:16.355 DEBUG 6287 — [main] o.s.s.w.a.i.FilterSecurityInterceptor : Validated configuration attributes
2019-03-27 15:41:16.417 INFO 6287 — [main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@d2de489, org.springframework.security.web.context.SecurityContextPersistenceFilter@446a1e84, org.springframework.security.web.header.HeaderWriterFilter@7857fe2, org.springframework.security.web.authentication.logout.LogoutFilter@387a8303, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@6cd24612, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@2f953efd, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@d23e042, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2657d4dd, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@7139992f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@14bdbc74, org.springframework.security.web.session.SessionManagementFilter@1be2019a, org.springframework.security.web.access.ExceptionTranslationFilter@6f43c82, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@6933b6c6]
2019-03-27 15:41:17.303 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@27a5f880: startup date [Wed Mar 27 15:41:11 CET 2019]; root of context hierarchy
2019-03-27 15:41:17.660 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped “{[/admin]}” onto private java.lang.String eu.openanalytics.shinyproxy.controllers.AdminController.admin(org.springframework.ui.ModelMap,javax.servlet.http.HttpServletRequest)
2019-03-27 15:41:17.663 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped “{[/]}” onto private java.lang.String eu.openanalytics.shinyproxy.controllers.IndexController.index(org.springframework.ui.ModelMap,javax.servlet.http.HttpServletRequest)
2019-03-27 15:41:17.665 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/app/
],methods=[GET]}" onto public java.lang.String eu.openanalytics.shinyproxy.controllers.AppController.app(org.springframework.ui.ModelMap,javax.servlet.http.HttpServletRequest)
2019-03-27 15:41:17.666 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/app/],methods=[POST]}" onto public java.util.Map<java.lang.String, java.lang.String> eu.openanalytics.shinyproxy.controllers.AppController.startApp(javax.servlet.http.HttpServletRequest)
2019-03-27 15:41:17.667 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped “{[/app_direct/],methods=[GET]}" onto public void eu.openanalytics.shinyproxy.controllers.AppController.appDirect(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2019-03-27 15:41:17.668 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped “{[/issue],methods=[POST]}” onto public java.lang.String eu.openanalytics.shinyproxy.controllers.IssueController.postIssue(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2019-03-27 15:41:17.670 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped “{[/login],methods=[GET]}” onto public java.lang.Object eu.openanalytics.containerproxy.ui.LoginController.getLoginPage(java.util.Optional<java.lang.String>,org.springframework.ui.ModelMap,javax.servlet.http.HttpServletRequest)
2019-03-27 15:41:17.674 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped “{[/error],produces=[text/html]}” onto public java.lang.String eu.openanalytics.containerproxy.ui.ErrorController.handleError(org.springframework.ui.ModelMap,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2019-03-27 15:41:17.676 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped “{[/error],consumes=[application/json],produces=[application/json]}” onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> eu.openanalytics.containerproxy.ui.ErrorController.error(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2019-03-27 15:41:17.682 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped “{[/api/proxyspec/{proxySpecId}],methods=[GET],produces=[application/json]}” onto public org.springframework.http.ResponseEntity<eu.openanalytics.containerproxy.model.spec.ProxySpec> eu.openanalytics.containerproxy.api.ProxyController.getProxySpec(java.lang.String)
2019-03-27 15:41:17.684 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped “{[/api/proxy/{proxySpecId}],methods=[POST],produces=[application/json]}” onto public org.springframework.http.ResponseEntity<eu.openanalytics.containerproxy.model.runtime.Proxy> eu.openanalytics.containerproxy.api.ProxyController.startProxy(java.lang.String,java.util.Set<eu.openanalytics.containerproxy.model.runtime.RuntimeSetting>)
2019-03-27 15:41:17.686 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped “{[/api/proxy],methods=[POST],produces=[application/json]}” onto public org.springframework.http.ResponseEntity<eu.openanalytics.containerproxy.model.runtime.Proxy> eu.openanalytics.containerproxy.api.ProxyController.startProxy(eu.openanalytics.containerproxy.model.spec.ProxySpec)
2019-03-27 15:41:17.687 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped “{[/api/proxy/{proxyId}],methods=[GET],produces=[application/json]}” onto public org.springframework.http.ResponseEntity<eu.openanalytics.containerproxy.model.runtime.Proxy> eu.openanalytics.containerproxy.api.ProxyController.getProxy(java.lang.String)
2019-03-27 15:41:17.688 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped “{[/api/proxyspec],methods=[GET],produces=[application/json]}” onto public java.util.List<eu.openanalytics.containerproxy.model.spec.ProxySpec> eu.openanalytics.containerproxy.api.ProxyController.listProxySpecs()
2019-03-27 15:41:17.689 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped “{[/api/proxy],methods=[GET],produces=[application/json]}” onto public java.util.List<eu.openanalytics.containerproxy.model.runtime.Proxy> eu.openanalytics.containerproxy.api.ProxyController.listProxies()
2019-03-27 15:41:17.690 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped “{[/api/proxy/{proxyId}],methods=[DELETE],produces=[application/json]}” onto public org.springframework.http.ResponseEntity<java.lang.String> eu.openanalytics.containerproxy.api.ProxyController.stopProxy(java.lang.String)
2019-03-27 15:41:17.691 INFO 6287 — [main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/route/
],methods=[GET]}” onto public void eu.openanalytics.containerproxy.api.ProxyRouteController.route(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2019-03-27 15:41:17.791 INFO 6287 — [main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/assets/] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-03-27 15:41:17.792 INFO 6287 — [main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/webjars/
] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-03-27 15:41:17.793 INFO 6287 — [main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-03-27 15:41:17.832 INFO 6287 — [main] .m.m.a.ExceptionHandlerExceptionResolver : Detected @ExceptionHandler methods in baseController.RestErrorHandler
2019-03-27 15:41:17.908 INFO 6287 — [main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/
/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-03-27 15:41:18.179 INFO 6287 — [main] o.s.b.a.w.s.WelcomePageHandlerMapping : Adding welcome page template: index
2019-03-27 15:41:18.430 INFO 6287 — [main] o.s.l.c.support.AbstractContextSource : Property ‘userDn’ not set - anonymous context will be used for read-write operations
2019-03-27 15:41:18.925 INFO 6287 — [main] o.s.j.e.a.AnnotationMBeanExporter : Registering beans for JMX exposure on startup
2019-03-27 15:41:18.940 INFO 6287 — [main] o.s.j.e.a.AnnotationMBeanExporter : Bean with name ‘dataSource’ has been autodetected for JMX exposure
2019-03-27 15:41:18.955 INFO 6287 — [main] o.s.j.e.a.AnnotationMBeanExporter : Located MBean ‘dataSource’: registering with JMX server as MBean [com.zaxxer.hikari:name=dataSource,type=HikariDataSource]
2019-03-27 15:41:19.089 INFO 6287 — [main] o.s.b.w.e.u.UndertowServletWebServer : Undertow started on port(s) 8080 (http) with context path ‘’
2019-03-27 15:41:19.096 INFO 6287 — [main] e.o.c.ContainerProxyApplication : Started ContainerProxyApplication in 10.785 seconds (JVM running for 11.83)
2019-03-27 15:41:49.699 INFO 6287 — [XNIO-2 task-1] io.undertow.servlet : Initializing Spring FrameworkServlet ‘dispatcherServlet’
2019-03-27 15:41:49.700 INFO 6287 — [XNIO-2 task-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet ‘dispatcherServlet’: initialization started
2019-03-27 15:41:49.754 INFO 6287 — [XNIO-2 task-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet ‘dispatcherServlet’: initialization completed in 53 ms
2019-03-27 15:41:49.780 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login/’; against ‘/css/
2019-03-27 15:41:49.781 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login/’; against '/img/

2019-03-27 15:41:49.782 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login/’; against ‘/js/
2019-03-27 15:41:49.782 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login/’; against '/assets/

2019-03-27 15:41:49.782 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login/’; against ‘/webjars/**’
2019-03-27 15:41:49.784 DEBUG 6287 — [XNIO-2 task-1] o.s.security.web.FilterChainProxy : /login/ at position 1 of 13 in additional filter chain; firing Filter: ‘WebAsyncManagerIntegrationFilter’
2019-03-27 15:41:49.786 DEBUG 6287 — [XNIO-2 task-1] o.s.security.web.FilterChainProxy : /login/ at position 2 of 13 in additional filter chain; firing Filter: ‘SecurityContextPersistenceFilter’
2019-03-27 15:41:49.787 DEBUG 6287 — [XNIO-2 task-1] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2019-03-27 15:41:49.788 DEBUG 6287 — [XNIO-2 task-1] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2019-03-27 15:41:49.793 DEBUG 6287 — [XNIO-2 task-1] o.s.security.web.FilterChainProxy : /login/ at position 3 of 13 in additional filter chain; firing Filter: ‘HeaderWriterFilter’
2019-03-27 15:41:49.794 DEBUG 6287 — [XNIO-2 task-1] o.s.security.web.FilterChainProxy : /login/ at position 4 of 13 in additional filter chain; firing Filter: ‘LogoutFilter’
2019-03-27 15:41:49.795 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login/’; against ‘/logout’
2019-03-27 15:41:49.795 DEBUG 6287 — [XNIO-2 task-1] o.s.security.web.FilterChainProxy : /login/ at position 5 of 13 in additional filter chain; firing Filter: ‘OAuth2AuthorizationRequestRedirectFilter’
2019-03-27 15:41:49.796 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login/’; against ‘/oauth2/authorization/{registrationId}’
2019-03-27 15:41:49.796 DEBUG 6287 — [XNIO-2 task-1] o.s.security.web.FilterChainProxy : /login/ at position 6 of 13 in additional filter chain; firing Filter: ‘OAuth2LoginAuthenticationFilter’
2019-03-27 15:41:49.796 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login/’; against '/login/oauth2/code/

2019-03-27 15:41:49.797 DEBUG 6287 — [XNIO-2 task-1] o.s.security.web.FilterChainProxy : /login/ at position 7 of 13 in additional filter chain; firing Filter: ‘UsernamePasswordAuthenticationFilter’
2019-03-27 15:41:49.797 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /login/’ doesn’t match 'POST /login
2019-03-27 15:41:49.798 DEBUG 6287 — [XNIO-2 task-1] o.s.security.web.FilterChainProxy : /login/ at position 8 of 13 in additional filter chain; firing Filter: ‘RequestCacheAwareFilter’
2019-03-27 15:41:49.798 DEBUG 6287 — [XNIO-2 task-1] o.s.security.web.FilterChainProxy : /login/ at position 9 of 13 in additional filter chain; firing Filter: ‘SecurityContextHolderAwareRequestFilter’
2019-03-27 15:41:49.801 DEBUG 6287 — [XNIO-2 task-1] o.s.security.web.FilterChainProxy : /login/ at position 10 of 13 in additional filter chain; firing Filter: ‘AnonymousAuthenticationFilter’
2019-03-27 15:41:49.805 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: ‘org.springframework.security.authentication.AnonymousAuthenticationToken@31d33f41: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: 10.35.30.144; SessionId: null; Granted Authorities: ROLE_ANONYMOUS’
2019-03-27 15:41:49.805 DEBUG 6287 — [XNIO-2 task-1] o.s.security.web.FilterChainProxy : /login/ at position 11 of 13 in additional filter chain; firing Filter: ‘SessionManagementFilter’
2019-03-27 15:41:49.806 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.session.SessionManagementFilter : Requested session ID Mw–niFVCCmAOpnIgDU2v9yPDEeem2juDs2udmwO is invalid.
2019-03-27 15:41:49.807 DEBUG 6287 — [XNIO-2 task-1] o.s.security.web.FilterChainProxy : /login/ at position 12 of 13 in additional filter chain; firing Filter: ‘ExceptionTranslationFilter’
2019-03-27 15:41:49.807 DEBUG 6287 — [XNIO-2 task-1] o.s.security.web.FilterChainProxy : /login/ at position 13 of 13 in additional filter chain; firing Filter: ‘FilterSecurityInterceptor’
2019-03-27 15:41:49.809 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login/’; against ‘/admin’
2019-03-27 15:41:49.810 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login/’; against ‘/login’
2019-03-27 15:41:49.810 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login/’; against ‘/signin/**’
2019-03-27 15:41:49.811 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /login/; Attributes: [authenticated]
2019-03-27 15:41:49.811 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@31d33f41: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: 10.35.30.144; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2019-03-27 15:41:49.827 DEBUG 6287 — [XNIO-2 task-1] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@683fcdc7, returned: -1
2019-03-27 15:41:49.845 DEBUG 6287 — [XNIO-2 task-1] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point

org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:128) [spring-security-oauth2-client-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]


#2

Hi @uridium,

Can you check the following?

  1. There seems to be a quote character at the end of this line in your config: token-url: https//login.platform.absapp.net/token_oidc’

  2. Did you configure a correct redirect uri in your openid registration?

Another thing that may be helpful, is use the browser dev console to inspect network traffic as the login request is being made.


#3

Thanks for your answer fmichielssen,
1 - the quote is just a copy&paste issue.
2 - Yes, the registration redirect uri is “http://10.35.30.161:8080/login/oauth2/code/shinyproxy

Best regards.