Re: UAA api /introspect does not seem to be workign as expected #uaa


Shetty, Viraj S [CTR]
 
Edited

I increased the logging for the UAA and found this exception. The error message is "User is not anonymous". Any idea what this could mean? 

09-10T17:34:55.74-0400 [APP/PROC/WEB/0] OUT [2020-09-10 21:34:55.742] uaa - 25 [http-nio-8080-exec-9] .... DEBUG --- FilterSecurityInterceptor: Secure object: FilterInvocation: URL: /introspect; Attributes: [#oauth2.throwOnError(hasAuthority('uaa.resource'))]
   2020-09-10T17:34:55.74-0400 [APP/PROC/WEB/0] OUT [2020-09-10 21:34:55.744] uaa - 25 [http-nio-8080-exec-9] .... DEBUG --- AffirmativeBased: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@3ac662ba, returned: -1
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT [2020-09-10 21:34:55.746] uaa - 25 [http-nio-8080-exec-9] .... DEBUG --- ExceptionTranslationFilter: Access is denied (user is not anonymous); delegating to AccessDeniedHandler
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT org.springframework.security.access.AccessDeniedException: Access is denied
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123) ~[spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) ~[spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118) [spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.servletapi.SecurityCo

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.