Access to XMLHttpRequest at 'http://127.0.0.1:8989/user/loginTest' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
스프링 시큐리티 + JWT에서 권한이 필요한 페이지 접근 시
위와 같은 에러 발생..
리액트 서버에서 스프링 서버로 요청하는 상황이고 CORS 처리는 컨트롤러에 CrossOrigin 어노테이션으로 했다.
권한이 필요 없는 사이트는 통신이 잘되었지만 이상하게 권한이 필요한 페이지 접근할 때에만 그랬다..
결과적으로는 단순히 JWT 인증을 실패해서 발생한 문제였다. 헤더 입력을 잘못해서 JWT 인증이 안됐었다. 그런데 왜 cors 에러가 뜨는지 정확한 이유는 찾지 못했다.
디버깅 해봤는데 JWT 인증이 안되서 아예 컨트롤러까지 접근도 하지 않았다. 이거랑 연관이 있는 거 같긴하다. 어딘가에서 바로 튕겨내서 응답헤더에 CORS 관련 값이 들어가지 않아 발생하는 것 같은..?
WebSecurityConfigurerAdapter에 모든 url CORS 설정을 하는 것으로 해결했다.
권한때문에 거부 됐을 때 DispatcherServlet이 에러 페이지로 CORS가 안됐던 것 같다.
CORS를 아래와 같이 설정했다.
@RequiredArgsConstructor
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().configurationSource(corsConfigurationSource());
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.addAllowedHeader("*");
config.addAllowedMethod("*");
config.setAllowedOrigins(Arrays.asList("http://127.0.0.1:3000", "http://localhost:3000"));
source.registerCorsConfiguration("/**", config);
return source;
}
}디버깅 로그 보면 권한 때문에 AccessDeniedException이 발생하여 DistpatcherServlet이 /error로 넘긴 것을 볼 수 있다.
2022-07-24 14:59:46.147 TRACE 872 --- [nio-8989-exec-9] edFilterInvocationSecurityMetadataSource : Did not match request to Ant [pattern='/**/*', OPTIONS] - [permitAll] (1/4)
2022-07-24 14:59:46.147 TRACE 872 --- [nio-8989-exec-9] edFilterInvocationSecurityMetadataSource : Did not match request to Ant [pattern='/admin/**'] - [hasRole('ROLE_ADMIN')] (2/4)
2022-07-24 14:59:46.147 TRACE 872 --- [nio-8989-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : Did not re-authenticate AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] before authorizing
2022-07-24 14:59:46.147 TRACE 872 --- [nio-8989-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : Authorizing filter invocation [GET /user/loginTest] with attributes [hasRole('ROLE_USER')]
2022-07-24 14:59:46.147 TRACE 872 --- [nio-8989-exec-9] o.s.s.w.a.expression.WebExpressionVoter : Voted to deny authorization
2022-07-24 14:59:46.147 TRACE 872 --- [nio-8989-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : Failed to authorize filter invocation [GET /user/loginTest] with attributes [hasRole('ROLE_USER')] using AffirmativeBased [DecisionVoters=[org.springframework.security.web.access.expression.WebExpressionVoter@41948c13], AllowIfAllAbstainDecisions=false]
2022-07-24 14:59:46.148 TRACE 872 --- [nio-8989-exec-9] o.s.s.w.a.ExceptionTranslationFilter : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:73) ~[spring-security-core-5.7.1.jar:5.7.1]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.attemptAuthorization(AbstractSecurityInterceptor.java:239) ~[spring-security-core-5.7.1.jar:5.7.1]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:208) ~[spring-security-core-5.7.1.jar:5.7.1]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:113) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.1.jar:5.7.1]
at com.example.demo.config.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:39) ~[main/:na]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-5.3.20.jar:5.3.20]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.20.jar:5.3.20]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.20.jar:5.3.20]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.20.jar:5.3.20]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.20.jar:5.3.20]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.debug.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:90) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:78) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:67) ~[spring-security-web-5.7.1.jar:5.7.1]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) ~[spring-web-5.3.20.jar:5.3.20]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) ~[spring-web-5.3.20.jar:5.3.20]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.20.jar:5.3.20]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.20.jar:5.3.20]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.20.jar:5.3.20]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.20.jar:5.3.20]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.20.jar:5.3.20]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.20.jar:5.3.20]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at java.base/java.lang.Thread.run(Thread.java:832) ~[na:na]
2022-07-24 14:59:46.148 DEBUG 872 --- [nio-8989-exec-9] o.s.s.w.a.Http403ForbiddenEntryPoint : Pre-authenticated entry point called. Rejecting access
2022-07-24 14:59:46.149 TRACE 872 --- [nio-8989-exec-9] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
2022-07-24 14:59:46.149 DEBUG 872 --- [nio-8989-exec-9] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-07-24 14:59:46.149 TRACE 872 --- [nio-8989-exec-9] o.s.b.w.s.f.OrderedRequestContextFilter : Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@6be5c4a4
2022-07-24 14:59:46.149 DEBUG 872 --- [nio-8989-exec-9] o.a.c.c.C.[Tomcat].[localhost] : Processing ErrorPage[errorCode=0, location=/error]
2022-07-24 14:59:46.149 DEBUG 872 --- [nio-8989-exec-9] o.apache.catalina.core.StandardWrapper : Returning non-STM instance
2022-07-24 14:59:46.149 TRACE 872 --- [nio-8989-exec-9] o.s.b.w.s.f.OrderedRequestContextFilter : Bound request context to thread: org.apache.catalina.core.ApplicationHttpRequest@6511e8d8
2022-07-24 14:59:46.149 INFO 872 --- [nio-8989-exec-9] Spring Security Debugger :
************************************************************
Request received for GET '/error':
org.apache.catalina.core.ApplicationHttpRequest@6511e8d8
servletPath:/error
pathInfo:null
headers:
host: 127.0.0.1:8989
connection: keep-alive
pragma: no-cache
cache-control: no-cache
sec-ch-ua: ".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"
accept: application/json, text/plain, */*
x-auth-token: eyJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJST0xFX1VTRVIiXSwiaWF0IjoxNjU4NjM1OTYyLCJleHAiOjE2NTg2Mzc3NjJ9.OiCQuWOLcVgOjvO_ae2PBuE85Eu5J87XEod17OFBhW01
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: http://localhost:3000
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: http://localhost:3000/
accept-encoding: gzip, deflate, br
accept-language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
Security filter chain: [
DisableEncodeUrlFilter
WebAsyncManagerIntegrationFilter
SecurityContextPersistenceFilter
HeaderWriterFilter
CorsFilter
LogoutFilter
JwtAuthenticationFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
FilterSecurityInterceptor
]
************************************************************
2022-07-24 14:59:46.149 TRACE 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@45c28c49, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7c6fc278, org.springframework.security.web.context.SecurityContextPersistenceFilter@d641499, org.springframework.security.web.header.HeaderWriterFilter@772bc4c9, org.springframework.web.filter.CorsFilter@23ee92df, org.springframework.security.web.authentication.logout.LogoutFilter@74ee97cb, com.example.demo.config.JwtAuthenticationFilter@1a6a4595, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@44e0c3d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1b82f62a, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@4b1b2255, org.springframework.security.web.session.SessionManagementFilter@4b74a67a, org.springframework.security.web.access.ExceptionTranslationFilter@554e9509, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@5a45c218]] (1/1)
2022-07-24 14:59:46.149 DEBUG 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Securing GET /error
2022-07-24 14:59:46.149 TRACE 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/13)
2022-07-24 14:59:46.149 TRACE 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/13)
2022-07-24 14:59:46.150 TRACE 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Invoking SecurityContextPersistenceFilter (3/13)
2022-07-24 14:59:46.150 DEBUG 872 --- [nio-8989-exec-9] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-07-24 14:59:46.150 TRACE 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/13)
2022-07-24 14:59:46.150 TRACE 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/13)
2022-07-24 14:59:46.150 TRACE 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/13)
2022-07-24 14:59:46.150 TRACE 872 --- [nio-8989-exec-9] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2022-07-24 14:59:46.150 TRACE 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Invoking JwtAuthenticationFilter (7/13)
2022-07-24 14:59:46.150 DEBUG 872 --- [nio-8989-exec-9] c.e.demo.config.JwtAuthenticationFilter : debug
2022-07-24 14:59:46.151 TRACE 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (8/13)
2022-07-24 14:59:46.151 TRACE 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (9/13)
2022-07-24 14:59:46.151 TRACE 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (10/13)
2022-07-24 14:59:46.151 TRACE 872 --- [nio-8989-exec-9] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]
2022-07-24 14:59:46.151 TRACE 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Invoking SessionManagementFilter (11/13)
2022-07-24 14:59:46.151 TRACE 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (12/13)
2022-07-24 14:59:46.151 TRACE 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Invoking FilterSecurityInterceptor (13/13)
2022-07-24 14:59:46.151 DEBUG 872 --- [nio-8989-exec-9] o.s.security.web.FilterChainProxy : Secured GET /error
2022-07-24 14:59:46.151 DEBUG 872 --- [nio-8989-exec-9] org.apache.tomcat.util.http.Parameters : Set encoding to UTF-8
2022-07-24 14:59:46.151 TRACE 872 --- [nio-8989-exec-9] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for GET "/error", parameters={}, headers={masked} in DispatcherServlet 'dispatcherServlet'
2022-07-24 14:59:46.152 TRACE 872 --- [nio-8989-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : 2 matching mappings: [{ [/error]}, { [/error], produces [text/html]}]
2022-07-24 14:59:46.152 TRACE 872 --- [nio-8989-exec-9] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'basicErrorController'
2022-07-24 14:59:46.152 TRACE 872 --- [nio-8989-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)
2022-07-24 14:59:46.152 DEBUG 872 --- [nio-8989-exec-9] o.j.s.OpenEntityManagerInViewInterceptor : Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2022-07-24 14:59:46.152 TRACE 872 --- [nio-8989-exec-9] .i.SessionFactoryImpl$SessionBuilderImpl : Opening Hibernate Session. tenant=null
2022-07-24 14:59:46.152 TRACE 872 --- [nio-8989-exec-9] org.hibernate.internal.SessionImpl : Opened Session [99b0b624-84d1-4353-ad3e-753edcdbd399] at timestamp: 1658642386152
2022-07-24 14:59:46.152 TRACE 872 --- [nio-8989-exec-9] o.s.web.method.HandlerMethod : Arguments: [SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.springframework.security.web.debug.DebugFilter$DebugRequestWrapper@174638cd]]]
2022-07-24 14:59:46.152 DEBUG 872 --- [nio-8989-exec-9] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Using 'application/json', given [application/json, text/plain, */*] and supported [application/json, application/*+json, application/json, application/*+json]
2022-07-24 14:59:46.152 TRACE 872 --- [nio-8989-exec-9] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Writing [{timestamp=Sun Jul 24 14:59:46 KST 2022, status=403, error=Forbidden, path=/user/loginTest}]
2022-07-24 14:59:46.153 TRACE 872 --- [nio-8989-exec-9] o.s.web.servlet.DispatcherServlet : No view rendering, null ModelAndView returned.
지금은 네이버 블로그만 해요... https://blog.naver.com/chero77