0

I have two security config:

Form Login Security Config:

@Bean
@Order(1)
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http
        .authorizeHttpRequests(authorize -> authorize                    
           .requestMatchers("/oauth2/authorization/google","/oauth2**", "/app_resources/**","/assets/**","/pages/**", "/signup", "/assets/**",
                        "/favicon.ico", "/login", "/logout", "/signup", "/oauth2/authorization/**").permitAll()
           .requestMatchers("/admin/**").hasRole("ADMIN")
           .anyRequest().authenticated()
        )
        .csrf().disable()
        .oauth2Login()
            .loginPage("/login")
            .defaultSuccessUrl("/homesuccess");
        
        //http.csrf().disable().oauth2Login().loginPage("/login").defaultSuccessUrl("/loginSuccess");
        return http.build();
    }

OAuth Security Config :

@Order(2)
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        
    http
        .csrf().disable()
        .oauth2Login()
            .loginPage("/login")
            .defaultSuccessUrl("/loginSuccess");
    return http.build();
}

Below is Request Filter Class:

@Component
public class SecurityFilter extends OncePerRequestFilter {
    Logger logger = LoggerFactory.getLogger(getClass());

    @Override
    protected void doFilterInternal(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response,
            FilterChain filterChain) throws ServletException, IOException {
        String path = request.getRequestURI();

        logger.info("request getContextPath ---> : {}", path);
        if (path.endsWith(".css") || path.contains("error") || path.contains("oauth2") || path.endsWith(".js")
                || path.contains("resources") || path.contains("login") || path.contains("assets")
                || path.contains("/favicon.ico")) {
            logger.info("request getContextPath ---> : {} bypassing", path);

            filterChain.doFilter(request, response);
        } else {
            Principal principal = request.getUserPrincipal();

            if (principal == null) {
                logger.info("principal null ---> : {} ", path);

                response.sendRedirect("/login");
            } else {
                logger.info("principal found ---> : {} ", path);

                filterChain.doFilter(request, response);
            }

        }

    }
}

The challenge here is, only form login is working here as its order is higher than OAuth security config. when I try to open Google OAuth login it throw the below error (if I change interchange the security order only one is working at a time):

M 26-Jan-2023 23:30:20.760 [http-nio-8080-exec-1] DEBUG [org.springframework.security.web.FilterChainProxy:227] - Secured GET /oauth2/authorization/google
M 26-Jan-2023 23:30:20.760 [http-nio-8080-exec-1] DEBUG [org.springframework.security.web.FilterChainProxy:227] - Secured GET /oauth2/authorization/google
M 26-Jan-2023 23:30:20.761 [http-nio-8080-exec-1] INFO  [feroz.spring_phase_1.security.SecurityFilter:26] - request getContextPath ---> : /oauth2/authorization/google
M 26-Jan-2023 23:30:20.761 [http-nio-8080-exec-1] INFO  [feroz.spring_phase_1.security.SecurityFilter:30] - request getContextPath ---> : /oauth2/authorization/google bypassing
M 26-Jan-2023 23:30:20.761 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.header.writers.HstsHeaderWriter:151] - Not injecting HSTS header since it did not match request to [Is Secure]
M 26-Jan-2023 23:30:20.761 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.header.writers.HstsHeaderWriter:151] - Not injecting HSTS header since it did not match request to [Is Secure]
M 26-Jan-2023 23:30:20.761 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.context.HttpSessionSecurityContextRepository:180] - Did not find SecurityContext in HttpSession 71815A098ED57039F97DE1B7F079B1AE using the SPRING_SECURITY_CONTEXT session attribute
M 26-Jan-2023 23:30:20.761 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.context.HttpSessionSecurityContextRepository:180] - Did not find SecurityContext in HttpSession 71815A098ED57039F97DE1B7F079B1AE using the SPRING_SECURITY_CONTEXT session attribute
M 26-Jan-2023 23:30:20.762 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.context.SupplierDeferredSecurityContext:72] - Created SecurityContextImpl [Null authentication]
M 26-Jan-2023 23:30:20.762 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.context.SupplierDeferredSecurityContext:72] - Created SecurityContextImpl [Null authentication]
M 26-Jan-2023 23:30:20.762 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.context.SupplierDeferredSecurityContext:72] - Created SecurityContextImpl [Null authentication]
M 26-Jan-2023 23:30:20.762 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.context.SupplierDeferredSecurityContext:72] - Created SecurityContextImpl [Null authentication]
M 26-Jan-2023 23:30:20.762 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.authentication.AnonymousAuthenticationFilter:116] - Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=71815A098ED57039F97DE1B7F079B1AE], Granted Authorities=[ROLE_ANONYMOUS]]
M 26-Jan-2023 23:30:20.762 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.authentication.AnonymousAuthenticationFilter:116] - Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=71815A098ED57039F97DE1B7F079B1AE], Granted Authorities=[ROLE_ANONYMOUS]]
M 26-Jan-2023 23:30:20.763 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:245] - Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@6c76eb69, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@562079e8, org.springframework.security.web.context.SecurityContextHolderFilter@6ef996f3, org.springframework.security.web.header.HeaderWriterFilter@8900e34, org.springframework.security.web.authentication.logout.LogoutFilter@166b21a, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@4d25354, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@7e559f09, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2be3bc60, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@844f1da, org.springframework.security.web.access.ExceptionTranslationFilter@1098af6c, org.springframework.security.web.access.intercept.AuthorizationFilter@1cf8585e]] (1/2)
M 26-Jan-2023 23:30:20.763 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:245] - Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@6c76eb69, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@562079e8, org.springframework.security.web.context.SecurityContextHolderFilter@6ef996f3, org.springframework.security.web.header.HeaderWriterFilter@8900e34, org.springframework.security.web.authentication.logout.LogoutFilter@166b21a, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@4d25354, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@7e559f09, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2be3bc60, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@844f1da, org.springframework.security.web.access.ExceptionTranslationFilter@1098af6c, org.springframework.security.web.access.intercept.AuthorizationFilter@1cf8585e]] (1/2)
M 26-Jan-2023 23:30:20.763 [http-nio-8080-exec-1] DEBUG [org.springframework.security.web.FilterChainProxy:223] - Securing GET /error
M 26-Jan-2023 23:30:20.763 [http-nio-8080-exec-1] DEBUG [org.springframework.security.web.FilterChainProxy:223] - Securing GET /error
M 26-Jan-2023 23:30:20.763 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking DisableEncodeUrlFilter (1/11)
M 26-Jan-2023 23:30:20.763 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking DisableEncodeUrlFilter (1/11)
M 26-Jan-2023 23:30:20.763 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking WebAsyncManagerIntegrationFilter (2/11)
M 26-Jan-2023 23:30:20.763 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking WebAsyncManagerIntegrationFilter (2/11)
M 26-Jan-2023 23:30:20.763 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking SecurityContextHolderFilter (3/11)
M 26-Jan-2023 23:30:20.763 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking SecurityContextHolderFilter (3/11)
M 26-Jan-2023 23:30:20.763 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking HeaderWriterFilter (4/11)
M 26-Jan-2023 23:30:20.763 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking HeaderWriterFilter (4/11)
M 26-Jan-2023 23:30:20.763 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking LogoutFilter (5/11)
M 26-Jan-2023 23:30:20.763 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking LogoutFilter (5/11)
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.authentication.logout.LogoutFilter:121] - Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.authentication.logout.LogoutFilter:121] - Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking UsernamePasswordAuthenticationFilter (6/11)
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking UsernamePasswordAuthenticationFilter (6/11)
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter:271] - Did not match request to Ant [pattern='/login', POST]
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter:271] - Did not match request to Ant [pattern='/login', POST]
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking RequestCacheAwareFilter (7/11)
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking RequestCacheAwareFilter (7/11)
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.savedrequest.HttpSessionRequestCache:105] - matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.savedrequest.HttpSessionRequestCache:105] - matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking SecurityContextHolderAwareRequestFilter (8/11)
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking SecurityContextHolderAwareRequestFilter (8/11)
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking AnonymousAuthenticationFilter (9/11)
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking AnonymousAuthenticationFilter (9/11)
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking ExceptionTranslationFilter (10/11)
M 26-Jan-2023 23:30:20.764 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking ExceptionTranslationFilter (10/11)
M 26-Jan-2023 23:30:20.765 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking AuthorizationFilter (11/11)
M 26-Jan-2023 23:30:20.765 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.FilterChainProxy:372] - Invoking AuthorizationFilter (11/11)
M 26-Jan-2023 23:30:20.765 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager:71] - Authorizing SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.core.ApplicationHttpRequest@16bba698]]
M 26-Jan-2023 23:30:20.765 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager:71] - Authorizing SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.core.ApplicationHttpRequest@16bba698]]
M 26-Jan-2023 23:30:20.768 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager:80] - Checking authorization on SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.core.ApplicationHttpRequest@16bba698]] using org.springframework.security.authorization.AuthenticatedAuthorizationManager@16c62d2f
M 26-Jan-2023 23:30:20.768 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager:80] - Checking authorization on SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.core.ApplicationHttpRequest@16bba698]] using org.springframework.security.authorization.AuthenticatedAuthorizationManager@16c62d2f
M 26-Jan-2023 23:30:20.768 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.context.HttpSessionSecurityContextRepository:180] - Did not find SecurityContext in HttpSession 71815A098ED57039F97DE1B7F079B1AE using the SPRING_SECURITY_CONTEXT session attribute
M 26-Jan-2023 23:30:20.768 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.context.HttpSessionSecurityContextRepository:180] - Did not find SecurityContext in HttpSession 71815A098ED57039F97DE1B7F079B1AE using the SPRING_SECURITY_CONTEXT session attribute
M 26-Jan-2023 23:30:20.768 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.context.SupplierDeferredSecurityContext:72] - Created SecurityContextImpl [Null authentication]
M 26-Jan-2023 23:30:20.768 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.context.SupplierDeferredSecurityContext:72] - Created SecurityContextImpl [Null authentication]
M 26-Jan-2023 23:30:20.768 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.context.SupplierDeferredSecurityContext:72] - Created SecurityContextImpl [Null authentication]
M 26-Jan-2023 23:30:20.768 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.context.SupplierDeferredSecurityContext:72] - Created SecurityContextImpl [Null authentication]
M 26-Jan-2023 23:30:20.768 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.authentication.AnonymousAuthenticationFilter:116] - Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=71815A098ED57039F97DE1B7F079B1AE], Granted Authorities=[ROLE_ANONYMOUS]]
M 26-Jan-2023 23:30:20.768 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.authentication.AnonymousAuthenticationFilter:116] - Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=71815A098ED57039F97DE1B7F079B1AE], Granted Authorities=[ROLE_ANONYMOUS]]
M 26-Jan-2023 23:30:20.768 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.access.ExceptionTranslationFilter:194] - Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=71815A098ED57039F97DE1B7F079B1AE], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
org.springframework.security.access.AccessDeniedException: Access Denied
    at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82)
    at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:351)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:691)
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:443)
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:367)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:295)
    at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:372)
    at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:228)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:400)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:859)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1734)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:833)
M 26-Jan-2023 23:30:20.768 [http-nio-8080-exec-1] TRACE [org.springframework.security.web.access.ExceptionTranslationFilter:194] - Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=71815A098ED57039F97DE1B7F079B1AE], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
org.springframework.security.access.AccessDeniedException: Access Denied
    at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82)
    at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:351)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:691)
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:443)
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:367)
    at

How to ensure both security configs work on same login page?

dur
  • 15,689
  • 25
  • 79
  • 125
Feroz Siddiqui
  • 3,840
  • 6
  • 34
  • 69
  • 1
    Does this answer your question? [Adding multiple Spring Security configurations based on pathMatcher](https://stackoverflow.com/questions/66883174/adding-multiple-spring-security-configurations-based-on-pathmatcher) – dur Jan 27 '23 at 11:20
  • See also https://stackoverflow.com/questions/74580622/migrate-spring-security-from-5-to-6 – dur Jan 27 '23 at 11:21
  • See also: https://stackoverflow.com/questions/36795894/how-to-apply-spring-security-filter-only-on-secured-endpoints – dur Jan 27 '23 at 11:44

0 Answers0