Below is the bean:
```java
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .csrf(csrf -> csrf.disable())
        // public paths; every other request needs an authenticated principal
        .authorizeHttpRequests(auth -> auth
            .requestMatchers("/", "/**/*.html", "/**/*.css", "/**/*.js",
                    "/ecafPostapid/**", "/ecafPostpaid/healthtest/checktest",
                    "/ecafPostpaid/ecafPostpaid/health")
            .permitAll()
            .anyRequest().authenticated())
        // Spring Security itself never creates an HttpSession
        .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
        .exceptionHandling(ex -> ex.authenticationEntryPoint(this.ecafAuthenticationEntryPoint))
        .anonymous(anonymous -> anonymous.disable());
    // the custom token filter runs before UsernamePasswordAuthenticationFilter
    httpSecurity.addFilterBefore(
        new CustomAuthenticationFilter(this.authenticationManager, this.encDecAlgorithm,
                this.environment, this.filterManager),
        UsernamePasswordAuthenticationFilter.class);
    // context is looked up from the request attribute first, then the HttpSession
    httpSecurity.securityContext(securityContext -> securityContext
        .securityContextRepository(new DelegatingSecurityContextRepository(
            new RequestAttributeSecurityContextRepository(),
            new HttpSessionSecurityContextRepository())));
    return httpSecurity.build();
}
```
Below is the doFilterInternal of CustomAuthenticationFilter:
```java
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
        throws ServletException, IOException {
    try {
        request.setAttribute("startTime", System.currentTimeMillis());
        MDC.put("requestID", request.getHeader("X-eCAF-RequestId"));
        // build an unauthenticated token from the request headers
        CustomAuthentication authentication = new CustomAuthentication();
        String stringToken = request.getHeader("x-access-token");
        String source = Objects.toString(request.getHeader("source"));
        authentication.setPrincipal(stringToken);
        authentication.setSource(source);
        // switch the holder strategy, put the token in the context, then authenticate it
        SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        this.authenticationManager.authenticate(authentication);
        LOGGER.info("The Authentication {}", SecurityContextHolder.getContext().getAuthentication());
        chain.doFilter(request, response);
    } catch
```
Below is the CustomAuthenticationProvider authenticate method:
```java
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // copy principal, credentials and authorities from the parsed JWT into a standard token
    UsernamePasswordAuthenticationToken userNameToken = new UsernamePasswordAuthenticationToken(
            jwtToken.getPrincipal(), jwtToken.getCredentials(), jwtToken.getAuthorities());
    jwtPayload.setToken(accessToken);
    userNameToken.setDetails(jwtPayload);
    jwtToken.setAuthenticated(true);
    // reset the holder, store the new token, then switch the holder strategy
    SecurityContextHolder.clearContext();
    SecurityContextHolder.getContext().setAuthentication(userNameToken);
    SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
    if (userNameToken.isAuthenticated()) customAuthentication.setAuthenticated(true);
    return userNameToken;
}
```
Below is the error log:
```
{"timestamp":"04-03-2025 15:34:33.248","level":"INFO","thread":"http-nio-7003-exec-4","logger":"CustomAuthenticationFilter","requestID":"a8f8395ee8389e45ed493ceeb785961d","message":"The Authentication UsernamePasswordAuthenticationToken [Principal=8874747429, Credentials=[PROTECTED], Authenticated=true, Details=JWTPayload(sub=8874747429, nbf=1741079509846, roles=ROLE_DSL_AGENT, salesCode=32447, dslSfoCode=DC1101001, dslChannelId=17251, circleId=108, circleIdEai=14, dslPosCode=Delhi_Dummy, postpaidSfoCode=Delhi_Dummy, userId=8874747429, storePincode=122001, lob=Telemedia, storeCity=Gurgaon, token=eyJhbGciOiJIUzUxMiJ9.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.t_NACSA51Sh4hEKCOemBYMLTfvVM8FBtJgmGrRHTfmyoB4xxzmHrOS_1w2ZzPPzQplLGSZw_qE8631HhtP6yLg, subAgent=null, appName=null), Granted Authorities=[]]"}
{"timestamp":"04-03-2025 15:34:33.248","level":"TRACE","thread":"http-nio-7003-exec-4","logger":"FilterChainProxy","requestID":"a8f8395ee8389e45ed493ceeb785961d","message":"Invoking RequestCacheAwareFilter (7/11)"}
{"timestamp":"04-03-2025 15:34:33.248","level":"TRACE","thread":"http-nio-7003-exec-4","logger":"FilterChainProxy","requestID":"a8f8395ee8389e45ed493ceeb785961d","message":"Invoking SecurityContextHolderAwareRequestFilter (8/11)"}
{"timestamp":"04-03-2025 15:34:33.248","level":"TRACE","thread":"http-nio-7003-exec-4","logger":"FilterChainProxy","requestID":"a8f8395ee8389e45ed493ceeb785961d","message":"Invoking SessionManagementFilter (9/11)"}
{"timestamp":"04-03-2025 15:34:33.248","level":"TRACE","thread":"http-nio-7003-exec-4","logger":"SupplierDeferredSecurityContext","requestID":"a8f8395ee8389e45ed493ceeb785961d","message":"Created SecurityContextImpl [Null authentication]"}
{"timestamp":"04-03-2025 15:34:33.248","level":"TRACE","thread":"http-nio-7003-exec-4","logger":"HttpSessionSecurityContextRepository","requestID":"a8f8395ee8389e45ed493ceeb785961d","message":"No HttpSession currently exists"}
{"timestamp":"04-03-2025 15:34:33.248","level":"TRACE","thread":"http-nio-7003-exec-4","logger":"SupplierDeferredSecurityContext","requestID":"a8f8395ee8389e45ed493ceeb785961d","message":"Created SecurityContextImpl [Null authentication]"}
{"timestamp":"04-03-2025 15:34:33.248","level":"TRACE","thread":"http-nio-7003-exec-4","logger":"FilterChainProxy","requestID":"a8f8395ee8389e45ed493ceeb785961d","message":"Invoking ExceptionTranslationFilter (10/11)"}
{"timestamp":"04-03-2025 15:34:33.248","level":"TRACE","thread":"http-nio-7003-exec-4","logger":"FilterChainProxy","requestID":"a8f8395ee8389e45ed493ceeb785961d","message":"Invoking AuthorizationFilter (11/11)"}
{"timestamp":"04-03-2025 15:34:33.248","level":"TRACE","thread":"http-nio-7003-exec-4","logger":"RequestMatcherDelegatingAuthorizationManager","requestID":"a8f8395ee8389e45ed493ceeb785961d","message":"Authorizing POST /ecafPostpaid/reserveNumbers/getAvailableNumbers/v1"}
{"timestamp":"04-03-2025 15:34:33.248","level":"TRACE","thread":"http-nio-7003-exec-4","logger":"RequestMatcherDelegatingAuthorizationManager","requestID":"a8f8395ee8389e45ed493ceeb785961d","message":"Checking authorization on POST /ecafPostpaid/reserveNumbers/getAvailableNumbers/v1 using org.springframework.security.authorization.AuthenticatedAuthorizationManager@5c9c1a3b"}
{"timestamp":"04-03-2025 15:34:33.248","level":"TRACE","thread":"http-nio-7003-exec-4","logger":"ExceptionTranslationFilter","requestID":"a8f8395ee8389e45ed493ceeb785961d","message":"Sending to authentication entry point since authentication failed","stack_hash":"9bea3a25","throwable_message":"An Authentication object was not found in the SecurityContext","throwable_root_cause_message":"An Authentication object was not found in the SecurityContext","stack_trace":"org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext\n\tat org.springframework.security.web.access.intercept.AuthorizationFilter.getAuthentication(AuthorizationFilter.java:143)\n\tat org.springframework.security.authorization.AuthenticatedAuthorizationManager.check(AuthenticatedAuthorizationManager.java:115)\n\tat org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.check(RequestMatcherDelegatingAuthorizationManager.java:87)\n\tat org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.check(RequestMatcherDelegatingAuthorizationManager.java:49)\n\tat org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:95)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)\n\tat org.springframework.security.
```
In the logs you can see that it is Authenticated=true.
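As an added example (not the poster's code), here is the shape the Spring Security 6 reference documents for a filter that authenticates a request header: resolve the holder strategy once at construction, write the context through that strategy, and save it explicitly through the SecurityContextRepository. It assumes Spring Boot 3 / Spring Security 6 (jakarta.servlet), takes the `x-access-token` header name from the post, and uses an assumed class name; the AuthenticationProvider is expected only to validate the token and return an authenticated Authentication.

```java
import java.io.IOException;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.web.filter.OncePerRequestFilter;

// Assumed class name; this is not the poster's CustomAuthenticationFilter.
public class TokenAuthenticationFilter extends OncePerRequestFilter {
    private final AuthenticationManager authenticationManager;
    private final SecurityContextRepository securityContextRepository;
    // Resolve the holder strategy once, at construction, exactly as the framework's own filters do.
    // Switching it per request with setStrategyName() makes those filters read a holder this filter never wrote.
    private final SecurityContextHolderStrategy strategy = SecurityContextHolder.getContextHolderStrategy();

    public TokenAuthenticationFilter(AuthenticationManager authenticationManager,
            SecurityContextRepository securityContextRepository) {
        this.authenticationManager = authenticationManager;
        this.securityContextRepository = securityContextRepository;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws ServletException, IOException {
        String token = request.getHeader("x-access-token");
        // No token: let AuthorizationFilter apply permitAll()/authenticated() to the empty context.
        if (token == null) { chain.doFilter(request, response); return; }
        try {
            // The provider validates the token and returns an authenticated Authentication; it does
            // not touch the holder itself, so the only context in play is the one built here.
            Authentication result = authenticationManager.authenticate(
                    UsernamePasswordAuthenticationToken.unauthenticated(token, null));
            SecurityContext context = strategy.createEmptyContext();
            context.setAuthentication(result);
            strategy.setContext(context);
            // Spring Security 6 never saves the context implicitly; persist it for the rest of the chain.
            securityContextRepository.saveContext(context, request, response);
            chain.doFilter(request, response);
        } catch (AuthenticationException ex) {
            strategy.clearContext(); // never leave a half-built context on a pooled thread
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "invalid or expired token");
        }
    }
}
```

Register it with `addFilterBefore(..., UsernamePasswordAuthenticationFilter.class)` and pass in the same SecurityContextRepository bean the `securityContext()` DSL uses; in a deployment with a configured entry point, delegate the failure branch to that entry point instead of `sendError`.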