实战

回到首页 个人中心 反馈问题 注册登录
下载APP
首页 课程 实战 体系课 手记 专栏 慕课教程

访问 h2-console 抛出异常 InsufficientAuthenticationException

来源:4-2 UserDetails、UserDetailsService和jdbcAuthentication

abulaka

2020-12-29

在通过 browser 访问 h2-console 的时候可以正常访问,但是后台抛出了下面的异常。
看 log 是自定义异常处理类 ExceptionHandler implements ProblemHandling 引起的。如果把这个自定义异常处理类删除就没问题了。想问下这是什么原因呢?

22:20:08.139 DEBUG 10664 --- [nio-8083-exec-5] FilterChainProxy                         : Securing GET /favicon.ico
22:20:08.140 DEBUG 10664 --- [nio-8083-exec-5] SecurityContextPersistenceFilter         : Set SecurityContextHolder to empty SecurityContext
22:20:08.140 DEBUG 10664 --- [nio-8083-exec-5] AnonymousAuthenticationFilter            : Set SecurityContextHolder to anonymous SecurityContext
22:20:08.141 DEBUG 10664 --- [nio-8083-exec-5] SessionManagementFilter                  : Request requested invalid session id 65CF0DA8A28E79CC6A1F12D208AA4F6C
22:20:08.144 DEBUG 10664 --- [nio-8083-exec-5] FilterSecurityInterceptor                : Failed to authorize filter invocation [GET /favicon.ico] with attributes [authenticated]
22:20:08.151 DEBUG 10664 --- [nio-8083-exec-5] ExceptionHandlerExceptionResolver        : Using @ExceptionHandler com.haha.exception.handler.ExceptionHandler#handleThrowable(Throwable, NativeWebRequest)
22:20:08.155 ERROR 10664 --- [nio-8083-exec-5] AdviceTraits                             : Internal Server Error
org.springframework.security.authentication.InsufficientAuthenticationException: Full authentication is required to access this resource
	at org.springframework.security.web.access.ExceptionTranslationFilter.handleAccessDeniedException(ExceptionTranslationFilter.java:192)
	at org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:171)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:140)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:105)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:218)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103)
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
	at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1597)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:834)
22:20:08.157 DEBUG 10664 --- [nio-8083-exec-5] HttpEntityMethodProcessor                : Found 'Content-Type:application/problem+json' in response
22:20:08.161 DEBUG 10664 --- [nio-8083-exec-5] HttpEntityMethodProcessor                : Writing [about:blank{500, Internal Server Error, Full authentication is required to access this resource}]
22:20:08.163 DEBUG 10664 --- [nio-8083-exec-5] HttpSessionSecurityContextRepository     : Did not store empty SecurityContext
22:20:08.164 DEBUG 10664 --- [nio-8083-exec-5] ExceptionHandlerExceptionResolver        : Resolved [org.springframework.security.authentication.InsufficientAuthenticationException: Full authentication is required to access this resource]
22:20:08.164 DEBUG 10664 --- [nio-8083-exec-5] SecurityContextPersistenceFilter         : Cleared SecurityContextHolder to complete request

@ControllerAdvice
public class ExceptionHandler implements ProblemHandling {
    @Override
    public boolean isCausalChainsEnabled() {
        return true;
    }
}
写回答

2回答

接灰的电子产品

2020-12-30

已采纳

和这个没关系,看一下安全配置中应该需要对h2的相关 url 放行,参考git源码

0
2
接灰的电子产品
回复
abulaka
设个断点,跟进去看一下,肯定是某个资源的url 没放行,不一定h2-console 本身,它用到的资源也要放行
2020-12-30
共2条回复

接灰的电子产品

2020-12-30

: Failed to authorize filter invocation [GET /favicon.ico] with attributes [authenticated]
这个favicon 没有放行

1
0

Spring Security+OAuth2 精讲,打造企业级认证与授权

一站式掌握主流安全框架与行业解决方案,从容应对各种安全难题。

1042 学习 · 316 问题

查看课程

相似问题

H2的连接问题,出现403

回答 2

H2无法连接

回答 2

关于h2-console的问题

回答 1

TokenService.getToken()抛出异常

回答 1

有关返回异常里的属性"type"的疑惑

回答 1

打开慕课网App查看更多内容