새로운 도전을 위한 한걸음

에러 내용. 

Caused by: java.lang.IllegalArgumentException: Can not set rememberMeCookieName and custom rememberMeServices.
	at org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer.validateInput(RememberMeConfigurer.java:306)
	at org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer.init(RememberMeConfigurer.java:270)
	at org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer.init(RememberMeConfigurer.java:80)
	at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:370)
	at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:324)
	at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41)
	at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:292)
	at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:79)
	at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:333)
	at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41)
	at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
	... 27 common frames omitted

설정 내용. 

private void configureRememberMe(HttpSecurity http) throws Exception {
        http.rememberMe()
               .key(REMEMBERME_KEY)
               .rememberMeParameter(REMEMBERME_PARAMETER)
               .rememberMeCookieName(REMEMBERME_COOKIENAME)
               .rememberMeServices(persistentTokenBasedRememberMeServices())
               .tokenValiditySeconds(60 * 60 * 24 * 7)
               .alwaysRemember(true)
               .tokenRepository(rememberMeTokenRepository)
               .userDetailsService(rememberMeUserService);
	}


    @Bean
   	public PersistentTokenBasedRememberMeServices persistentTokenBasedRememberMeServices() {
   	    PersistentTokenBasedRememberMeServices persistenceTokenBasedservice = new PersistentTokenBasedRememberMeServices(REMEMBERME_KEY, userDetailsService(), rememberMeTokenRepository);
   	    persistenceTokenBasedservice.setParameter(REMEMBERME_PARAMETER);
   	    persistenceTokenBasedservice.setAlwaysRemember(false);
   	    persistenceTokenBasedservice.setCookieName(REMEMBERME_COOKIENAME);
   	    persistenceTokenBasedservice.setTokenValiditySeconds(60 * 60 * 24 * 7);		// 토큰 유효시간 1주일 설정
   	    return persistenceTokenBasedservice;
    }

원인 

.rememberMeCookieName(REMEMBERME_COOKIENAME)
.rememberMeServices(persistentTokenBasedRememberMeServices())

설정시 rememberMeServices로 할지 스프링 시큐리트를 가지고 할지를 선택해서 하나만 설정을 해야지 에러가 나지 않는다. 
둘다 하면 에러가 위와 같은 에러 발생. 

해결방안. 

rememberMeServices 또는 스프링 설정 둘중 하나를 선택해서 설정하면 해결완료. 

private void configureRememberMe(HttpSecurity http) throws Exception {
        http.rememberMe()
               .key(REMEMBERME_KEY)
               .rememberMeParameter(REMEMBERME_PARAMETER)
               .rememberMeCookieName(REMEMBERME_COOKIENAME)
               .alwaysRemember(true)
               .tokenValiditySeconds(60 * 60 * 24 * 7)
               .tokenRepository(tokenRepository())
               .userDetailsService(userDetailsService());
	}
    
    
  

프로젝트를 새로 셋팅후 아래와 같은 에러가 발생하고 있었다. 

이유를 찾아보니  아래 에러 로그는 debug level에서 찍히는 로그였다. 

2020-04-14 14:50:01 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/admin/'; against '/admin/**'
2020-04-14 14:50:01 DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /admin/; Attributes: [hasAuthority('ADMIN')]
2020-04-14 14:50:01 DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@5d31995d: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: B834B1F371A507D73771517A56970EFC; Granted Authorities: ROLE_ANONYMOUS
2020-04-14 14:50:01 DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5d314383, returned: -1
2020-04-14 14:50:01 DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
	at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:155)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1594)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)

에러는 프로그램이 작동하는데에는 아무 영향이 없다. 

참고 사이트 : https://docs.spring.io/spring-security/site/docs/3.0.8.RELEASE/faq/faq.html#faq-anon-access-denied

	
I get an exception with the message "Access is denied (user is anonymous);". What's wrong?

This is a debug level message which occurs the first time an anonymous user attempts to access a protected resource.

    DEBUG [ExceptionTranslationFilter] - Access is denied (user is anonymous); redirecting to authentication entry point
    org.springframework.security.AccessDeniedException: Access is denied
    at org.springframework.security.vote.AffirmativeBased.decide(AffirmativeBased.java:68)
    at org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:262)
                
It is normal and shouldn't be anything to worry about.

발생원인 :  인증을 하지 않고 인증된 url에 접근 할려고 할때 발생함. 

해결방법 : spring security log level 를 높여 주면 됨. 

application.properties에 아래와 같은 프로퍼티 항목이 있으면 여기의 로그레벨을  debug 보다 높은 level 로 올려주면됨.

logging.level.org.springframework.security=DEBUG

logback

<logger name="org.springframework.security" level="info"/>

gradle spring boot 셋팅시 error

spring boot 2.1.0 버전 사용시 아래와 같은 에러가 나타 날수 있다. 

에러 내용 

java.lang.NoSuchMethodError: javax.servlet.http.HttpServletRequest.getHttpServletMapping()Ljavax/servlet/http/HttpServletMapping;

ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [/vsql] threw exception [Handler processing failed; nested exception is java.lang.NoSuchMethodError: javax.servlet.http.HttpServletRequest.getHttpServletMapping()Ljavax/servlet/http/HttpServletMapping;] with root cause
java.lang.NoSuchMethodError: javax.servlet.http.HttpServletRequest.getHttpServletMapping()Ljavax/servlet/http/HttpServletMapping;
	at org.apache.catalina.core.ApplicationHttpRequest.setRequest(ApplicationHttpRequest.java:708)
	at org.apache.catalina.core.ApplicationHttpRequest.<init>(ApplicationHttpRequest.java:114)
	at org.apache.catalina.core.ApplicationDispatcher.wrapRequest(ApplicationDispatcher.java:917)
	at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:358)
	at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:312)

문제 원인 : servlet version 이 내장 서버에 맞지 않아서 발생하는 문제.

2.1.0 버전 이상 사용시 톰켓 9은 servlet version 4.0을 사용하는데 버전이 맞지 않아서 문제함

providedCompile(
  [ group: 'javax.servlet' , name: 'javax.servlet-api' , version: '4.0.0' ]
  , [ group: 'javax.servlet' , name: 'jstl' , version: '1.2' ]
  , [ group: 'javax.servlet.jsp', name: 'javax.servlet.jsp-api', version: def_version.jspApi ]
)

해결방법 :  java[ group: 'javax.servlet' , name: 'javax.servlet-api' , version: '4.0.0'  의 버전을 내장 서버 버전과 동일하게 하면 문제 해결됨.