Trying to create authorization server using spring boot authorization server. I am able to go to the default login form and when I enter the user credentials I go to a Whitelabel Error Page with a status of 999. I am assuming something is wrong with my setup but I am unable to figure it out based on the documentation.
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.2.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.om</groupId>
<artifactId>Auth</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>Auth</name>
<description>Authorization Server</description>
<properties>
<java.version>17</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-authorization-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents.client5</groupId>
<artifactId>httpclient5</artifactId>
<version>5.1.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.httpcomponents.client5/httpclient5-fluent -->
<dependency>
<groupId>org.apache.httpcomponents.client5</groupId>
<artifactId>httpclient5-fluent</artifactId>
<version>5.1.3</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
SecurityConfig
package com.Auth.configs;
import static org.springframework.security.config.Customizer.withDefaults;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.time.Duration;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.server.authorization.InMemoryOAuth2AuthorizationConsentService;
import org.springframework.security.oauth2.server.authorization.InMemoryOAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
@Configuration
public class SecurityConfig {
@Bean
@Order(1)
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
throws Exception {
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
.oidc(Customizer.withDefaults()); // Enable OpenID Connect 1.0
http
// Redirect to the login page when not authenticated from the
// authorization endpoint
.exceptionHandling((exceptions) -> exceptions
.defaultAuthenticationEntryPointFor(
new LoginUrlAuthenticationEntryPoint("/login"),
new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
)
)
// Accept access tokens for User Info and/or Client Registration
.oauth2ResourceServer((resourceServer) -> resourceServer
.jwt(Customizer.withDefaults()));
return http.build();
}
@Bean
@Order(2)
public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
throws Exception {
http
.authorizeHttpRequests((authorize) -> authorize
.anyRequest().authenticated()
)
// Form login handles the redirect to the login page from the
// authorization server filter chain
.formLogin(Customizer.withDefaults());
return http.build();
}
@Bean
Consumer<List<AuthenticationProvider>> configureCustomClientMetadataConverters() {
return CustomClientMetadataConfig.configureCustomClientMetadataConverters();
}
@Bean
BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
RegisteredClientRepository registeredClientRepository() {
RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
.clientId("client")
.clientSecret(passwordEncoder().encode("secret"))
.scope("read")
.scope(OidcScopes.OPENID)
.scope(OidcScopes.PROFILE)
.redirectUri("http://insomnia")
.redirectUri("http://127.0.0.1:8080/login/oauth2/code/client")
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
.tokenSettings(tokenSettings())
.clientSettings(clientSettings())
.build();
return new InMemoryRegisteredClientRepository(registeredClient);
}
@Bean
TokenSettings tokenSettings() {
return TokenSettings.builder()
.accessTokenFormat(OAuth2TokenFormat.SELF_CONTAINED)
.accessTokenTimeToLive(Duration.ofDays(1))
.build();
}
@Bean
ClientSettings clientSettings() {
return ClientSettings.builder()
.requireProofKey(false)
.requireAuthorizationConsent(false)
.build();
}
@Bean
AuthorizationServerSettings authorizationServerSettings() {
return AuthorizationServerSettings.builder().build();
}
@Bean
OAuth2AuthorizationService authorizationService() {
return new InMemoryOAuth2AuthorizationService();
}
@Bean
OAuth2AuthorizationConsentService authorizationConsentService() {
return new InMemoryOAuth2AuthorizationConsentService();
}
@Bean
OAuth2TokenCustomizer<JwtEncodingContext> tokenCustomizer() {
return context -> {
Authentication principal = context.getPrincipal();
if (context.getTokenType().getValue().equals("id_token")) {
context.getClaims().claim("Test", "Test Id Token");
}
if (context.getTokenType().getValue().equals("access_token")) {
context.getClaims().claim("Test", "Test Access Token");
Set<String> authorities = principal.getAuthorities().stream()
.map(GrantedAuthority::getAuthority).collect(Collectors.toSet());
context.getClaims().claim("authorities", authorities)
.claim("user", principal.getName());
}
};
}
@Bean
JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
}
@Bean
JWKSource<SecurityContext> jwkSource() {
RSAKey rsaKey = generateRsa();
JWKSet jwkSet = new JWKSet(rsaKey);
return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
}
public static RSAKey generateRsa() {
KeyPair keyPair = generateRsaKey();
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
return new RSAKey.Builder(publicKey).privateKey(privateKey).keyID(UUID.randomUUID().toString()).build();
}
static KeyPair generateRsaKey() {
KeyPair keyPair;
try {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
keyPair = keyPairGenerator.generateKeyPair();
} catch (Exception ex) {
throw new IllegalStateException(ex);
}
return keyPair;
}
}
trace logs
2023-11-30T07:34:35.990-06:00 DEBUG 29752 --- [nio-9000-exec-4] o.s.s.a.dao.DaoAuthenticationProvider : Authenticated user
2023-11-30T07:34:35.990-06:00 TRACE 29752 --- [nio-9000-exec-4] s.CompositeSessionAuthenticationStrategy : Preparing session with ChangeSessionIdAuthenticationStrategy (1/2)
2023-11-30T07:34:35.992-06:00 DEBUG 29752 --- [nio-9000-exec-4] .s.ChangeSessionIdAuthenticationStrategy : Changed session id from E184492F60FFB1AEE9B0ACB587598F9B
2023-11-30T07:34:35.992-06:00 TRACE 29752 --- [nio-9000-exec-4] s.CompositeSessionAuthenticationStrategy : Preparing session with CsrfAuthenticationStrategy (2/2)
2023-11-30T07:34:35.992-06:00 DEBUG 29752 --- [nio-9000-exec-4] o.s.s.w.csrf.CsrfAuthenticationStrategy : Replaced CSRF Token
2023-11-30T07:34:35.993-06:00 DEBUG 29752 --- [nio-9000-exec-4] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=Developer, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, CredentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=E184492F60FFB1AEE9B0ACB587598F9B], Granted Authorities=[]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade@1f2df543]
2023-11-30T07:34:35.993-06:00 DEBUG 29752 --- [nio-9000-exec-4] w.a.UsernamePasswordAuthenticationFilter : Set SecurityContextHolder to UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=Developer, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, CredentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=E184492F60FFB1AEE9B0ACB587598F9B], Granted Authorities=[]]
2023-11-30T07:34:35.993-06:00 DEBUG 29752 --- [nio-9000-exec-4] o.s.s.web.DefaultRedirectStrategy : Redirecting to http://localhost:9000/error?continue
2023-11-30T07:34:35.993-06:00 TRACE 29752 --- [nio-9000-exec-4] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
2023-11-30T07:34:35.996-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer$$Lambda$1288/0x000000080093b140@7894a250, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@1bd53c5c, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@38affd02, org.springframework.security.web.context.SecurityContextHolderFilter@1254a3cd, org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.AuthorizationServerContextFilter@69d9d322, org.springframework.security.web.header.HeaderWriterFilter@3074575a, org.springframework.web.filter.CorsFilter@72e9f0f7, org.springframework.security.web.csrf.CsrfFilter@f9d8285, org.springframework.security.oauth2.server.authorization.oidc.web.OidcLogoutEndpointFilter@5432be12, org.springframework.security.web.authentication.logout.LogoutFilter@7f5c4ff8, org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter@77902ed6, org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter@43fdef43, org.springframework.security.oauth2.server.authorization.web.OAuth2DeviceVerificationEndpointFilter@52a23575, org.springframework.security.oauth2.server.authorization.oidc.web.OidcProviderConfigurationEndpointFilter@7e44f989, org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter@732fa176, org.springframework.security.oauth2.server.authorization.web.OAuth2ClientAuthenticationFilter@6ad4ef13, org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter@2040732f, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@230dd372, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@663cc8c9, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2fb24ad8, org.springframework.security.web.access.ExceptionTranslationFilter@1b897ffb, org.springframework.security.web.access.intercept.AuthorizationFilter@55a2ca5e, org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter@69862a1, org.springframework.security.oauth2.server.authorization.web.OAuth2TokenIntrospectionEndpointFilter@129b0ed, org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter@29dcad7e, org.springframework.security.oauth2.server.authorization.web.OAuth2DeviceAuthorizationEndpointFilter@79d8075c, org.springframework.security.oauth2.server.authorization.oidc.web.OidcUserInfoEndpointFilter@6cee52e2]] (1/2)
2023-11-30T07:34:35.997-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@1d160161, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@6c9e7af2, org.springframework.security.web.context.SecurityContextHolderFilter@1415f18d, org.springframework.security.web.header.HeaderWriterFilter@3031d9e9, org.springframework.web.filter.CorsFilter@48cbb4c5, org.springframework.security.web.csrf.CsrfFilter@1a6df932, org.springframework.security.web.authentication.logout.LogoutFilter@40273969, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@75708130, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@3bf306d3, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@af04d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@61c42e54, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@533690d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2740585b, org.springframework.security.web.access.ExceptionTranslationFilter@74120029, org.springframework.security.web.access.intercept.AuthorizationFilter@7da40bf4]] (2/2)
2023-11-30T07:34:35.997-06:00 DEBUG 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Securing GET /error?continue
2023-11-30T07:34:35.997-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/15)
2023-11-30T07:34:35.997-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/15)
2023-11-30T07:34:35.997-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/15)
2023-11-30T07:34:35.997-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/15)
2023-11-30T07:34:35.997-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/15)
2023-11-30T07:34:35.997-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (6/15)
2023-11-30T07:34:35.997-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.csrf.CsrfFilter : Did not protect against CSRF since request did not match CsrfNotRequired [TRACE, HEAD, GET, OPTIONS]
2023-11-30T07:34:35.997-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (7/15)
2023-11-30T07:34:35.997-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.s.w.a.logout.LogoutFilter : Did not match request to Ant [pattern='/logout', POST]
2023-11-30T07:34:35.997-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Invoking UsernamePasswordAuthenticationFilter (8/15)
2023-11-30T07:34:35.997-06:00 TRACE 29752 --- [nio-9000-exec-5] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST]
2023-11-30T07:34:35.997-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Invoking DefaultLoginPageGeneratingFilter (9/15)
2023-11-30T07:34:35.997-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Invoking DefaultLogoutPageGeneratingFilter (10/15)
2023-11-30T07:34:35.997-06:00 TRACE 29752 --- [nio-9000-exec-5] .w.a.u.DefaultLogoutPageGeneratingFilter : Did not render default logout page since request did not match [Ant [pattern='/logout', GET]]
2023-11-30T07:34:35.998-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (11/15)
2023-11-30T07:34:35.998-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.s.w.s.HttpSessionRequestCache : Removing DefaultSavedRequest from session if present
2023-11-30T07:34:35.998-06:00 DEBUG 29752 --- [nio-9000-exec-5] o.s.s.w.s.HttpSessionRequestCache : Loaded matching saved request http://localhost:9000/error?continue
2023-11-30T07:34:35.999-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (12/15)
2023-11-30T07:34:35.999-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (13/15)
2023-11-30T07:34:35.999-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (14/15)
2023-11-30T07:34:35.999-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (15/15)
2023-11-30T07:34:35.999-06:00 TRACE 29752 --- [nio-9000-exec-5] estMatcherDelegatingAuthorizationManager : Authorizing SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.savedrequest.SavedRequestAwareWrapper@783a685]
2023-11-30T07:34:35.999-06:00 TRACE 29752 --- [nio-9000-exec-5] estMatcherDelegatingAuthorizationManager : Checking authorization on SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.savedrequest.SavedRequestAwareWrapper@783a685] using org.springframework.security.authorization.AuthenticatedAuthorizationManager@7e65b6a2
2023-11-30T07:34:35.999-06:00 TRACE 29752 --- [nio-9000-exec-5] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=Developer, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, CredentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=E184492F60FFB1AEE9B0ACB587598F9B], Granted Authorities=[]]] from SPRING_SECURITY_CONTEXT
2023-11-30T07:34:36.000-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.s.w.a.AnonymousAuthenticationFilter : Did not set SecurityContextHolder since already authenticated UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=Developer, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, CredentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=E184492F60FFB1AEE9B0ACB587598F9B], Granted Authorities=[]]
2023-11-30T07:34:36.000-06:00 DEBUG 29752 --- [nio-9000-exec-5] o.s.security.web.FilterChainProxy : Secured GET /error?continue
2023-11-30T07:34:36.028-06:00 TRACE 29752 --- [nio-9000-exec-5] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]