
It is a RESTful application (Grails 3.2.11 back-end) with the spring-security-rest:2.0.0.M2 plugin. It works fine with the Angular front-end. On login from the mobile (Android) app, it gives me a token back. But when I use the same token as Bearer in successive secured APIs, it throws

WWW-authenticate: Bearer error="invalid_token"

in the response header. It has been cross-checked: the logged-in user has enough privileges to visit those APIs, so it is not a case of unauthorized access. The token is also present in the authenticationToken collection in MongoDB. Also, if I log in with the same user in the web application (Angular front-end), it works perfectly.

The following is the Spring Security debug snippet (remote IP and username are masked):

14.03.2018 12:03:22.383 [http-nio-8080-exec-10] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/api/login' matched by universal pattern '/**'
14.03.2018 12:03:22.383 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /api/login at position 1 of 12 in additional filter chain; firing Filter: 'SecurityRequestHolderFilter'
14.03.2018 12:03:22.383 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /api/login at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
14.03.2018 12:03:22.383 [http-nio-8080-exec-10] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No HttpSession currently exists
14.03.2018 12:03:22.383 [http-nio-8080-exec-10] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
14.03.2018 12:03:22.383 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /api/login at position 3 of 12 in additional filter chain; firing Filter: 'MutableLogoutFilter'
14.03.2018 12:03:22.383 [http-nio-8080-exec-10] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/login'; against '/logoff'
14.03.2018 12:03:22.383 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /api/login at position 4 of 12 in additional filter chain; firing Filter: 'GrailsUsernamePasswordAuthenticationFilter'
14.03.2018 12:03:22.383 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /api/login at position 5 of 12 in additional filter chain; firing Filter: 'RestAuthenticationFilter'
14.03.2018 12:03:22.383 [http-nio-8080-exec-10] DEBUG g.p.s.rest.RestAuthenticationFilter - Actual URI is /api/login; endpoint URL is /api/login
14.03.2018 12:03:22.383 [http-nio-8080-exec-10] DEBUG g.p.s.rest.RestAuthenticationFilter - Applying authentication filter to this request
14.03.2018 12:03:22.421 [http-nio-8080-exec-10] DEBUG g.p.s.r.c.DefaultJsonPayloadCredentialsExtractor - Extracted credentials from JSON payload. Username: , password: [PROTECTED]
14.03.2018 12:03:22.424 [http-nio-8080-exec-10] DEBUG g.p.s.rest.RestAuthenticationFilter - Trying to authenticate the request
14.03.2018 12:03:22.425 [http-nio-8080-exec-10] DEBUG o.s.s.a.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
14.03.2018 12:03:22.551 [http-nio-8080-exec-10] DEBUG o.s.s.a.h.RoleHierarchyImpl - getReachableGrantedAuthorities() - From the roles [ROLE_ADMIN] one can reach [ROLE_ADMIN] in zero or more steps.
14.03.2018 12:03:22.552 [http-nio-8080-exec-10] DEBUG g.p.s.rest.RestAuthenticationFilter - Request authenticated. Storing the authentication result in the security context
14.03.2018 12:03:22.552 [http-nio-8080-exec-10] DEBUG g.p.s.rest.RestAuthenticationFilter - Authentication result: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@f0f156db: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@4fad1751: Username: ; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff8868: RemoteIpAddress: ; SessionId: null; Granted Authorities: ROLE_ADMIN
14.03.2018 12:03:22.557 [http-nio-8080-exec-10] DEBUG g.p.s.rest.RestAuthenticationFilter - Generated token: grails.plugin.springsecurity.rest.token.AccessToken(accessToken:nle37eh3dl7hnu1fnge4al46ttcoavnv, expiration:null, refreshToken:null, principal:grails.plugin.springsecurity.userdetails.GrailsUser@4fad1751: Username: ; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN, super:grails.plugin.springsecurity.rest.token.AccessToken@f0edeb3: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@4fad1751: Username: ; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN)
14.03.2018 12:03:22.558 [http-nio-8080-exec-10] DEBUG g.p.s.r.t.s.GormTokenStorageService - Storing principal for token: nle37eh3dl7hnu1fnge4al46ttcoavnv
14.03.2018 12:03:22.558 [http-nio-8080-exec-10] DEBUG g.p.s.r.t.s.GormTokenStorageService - Principal: grails.plugin.springsecurity.userdetails.GrailsUser@4fad1751: Username: ; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN
14.03.2018 12:03:22.676 [http-nio-8080-exec-10] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - The HttpSession is currently null, and the HttpSessionSecurityContextRepository is prohibited from creating an HttpSession (because the allowSessionCreation property is false) - SecurityContext thus not stored for next request
14.03.2018 12:03:22.677 [http-nio-8080-exec-10] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
14.03.2018 12:03:22.888 [http-nio-8080-exec-14] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/api/userapi/getconfig' matched by universal pattern '/**'
14.03.2018 12:03:22.888 [http-nio-8080-exec-14] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 1 of 12 in additional filter chain; firing Filter: 'SecurityRequestHolderFilter'
14.03.2018 12:03:22.888 [http-nio-8080-exec-14] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
14.03.2018 12:03:22.888 [http-nio-8080-exec-14] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No HttpSession currently exists
14.03.2018 12:03:22.888 [http-nio-8080-exec-14] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
14.03.2018 12:03:22.888 [http-nio-8080-exec-14] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 3 of 12 in additional filter chain; firing Filter: 'MutableLogoutFilter'
14.03.2018 12:03:22.888 [http-nio-8080-exec-14] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/userapi/getconfig'; against '/logoff'
14.03.2018 12:03:22.888 [http-nio-8080-exec-14] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 4 of 12 in additional filter chain; firing Filter: 'GrailsUsernamePasswordAuthenticationFilter'
14.03.2018 12:03:22.888 [http-nio-8080-exec-14] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 5 of 12 in additional filter chain; firing Filter: 'RestAuthenticationFilter'
14.03.2018 12:03:22.888 [http-nio-8080-exec-14] DEBUG g.p.s.rest.RestAuthenticationFilter - Actual URI is /api/userAPI/getConfig; endpoint URL is /api/login
14.03.2018 12:03:22.888 [http-nio-8080-exec-14] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 6 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
14.03.2018 12:03:22.888 [http-nio-8080-exec-14] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 7 of 12 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
14.03.2018 12:03:22.888 [http-nio-8080-exec-14] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 8 of 12 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
14.03.2018 12:03:22.889 [http-nio-8080-exec-14] DEBUG g.p.s.w.f.GrailsAnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken@f23b2e68: Principal: org.springframework.security.core.userdetails.User@dc730200: Username: __grails.anonymous.user__; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff8868: RemoteIpAddress: ; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
14.03.2018 12:03:22.889 [http-nio-8080-exec-14] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 9 of 12 in additional filter chain; firing Filter: 'RestTokenValidationFilter'
14.03.2018 12:03:22.889 [http-nio-8080-exec-14] DEBUG g.p.s.r.t.bearer.BearerTokenReader - Looking for bearer token in Authorization header, query string or Form-Encoded body parameter
14.03.2018 12:03:22.889 [http-nio-8080-exec-14] DEBUG g.p.s.r.t.bearer.BearerTokenReader - Found bearer token in Authorization header
14.03.2018 12:03:22.889 [http-nio-8080-exec-14] DEBUG g.p.s.r.t.bearer.BearerTokenReader - Token: nle37eh3dl7hnu1fnge4al46ttcoavnv
14.03.2018 12:03:22.889 [http-nio-8080-exec-14] DEBUG g.p.s.r.RestTokenValidationFilter - Token found: nle37eh3dl7hnu1fnge4al46ttcoavnv
14.03.2018 12:03:22.889 [http-nio-8080-exec-14] DEBUG g.p.s.r.RestTokenValidationFilter - Trying to authenticate the token
14.03.2018 12:03:22.889 [http-nio-8080-exec-14] DEBUG g.p.s.r.RestAuthenticationProvider - Use JWT: false
14.03.2018 12:03:22.889 [http-nio-8080-exec-14] DEBUG g.p.s.r.RestAuthenticationProvider - Trying to validate token nle37eh3dl7hnu1fnge4al46ttcoavnv
14.03.2018 12:03:22.889 [http-nio-8080-exec-14] DEBUG g.p.s.r.t.s.GormTokenStorageService - Finding token nle37eh3dl7hnu1fnge4al46ttcoavnv in GORM
14.03.2018 12:03:22.889 [http-nio-8080-exec-14] DEBUG g.p.s.r.t.s.GormTokenStorageService - Searching in GORM for UserDetails of token nle37eh3dl7hnu1fnge4al46ttcoavnv
14.03.2018 12:03:22.912 [http-nio-8080-exec-14] DEBUG g.p.s.r.RestTokenValidationFilter - Authentication failed: User not found
14.03.2018 12:03:22.927 [http-nio-8080-exec-14] DEBUG g.p.s.r.t.bearer.BearerTokenReader - Looking for bearer token in Authorization header, query string or Form-Encoded body parameter
14.03.2018 12:03:22.927 [http-nio-8080-exec-14] DEBUG g.p.s.r.t.bearer.BearerTokenReader - Found bearer token in Authorization header
14.03.2018 12:03:22.927 [http-nio-8080-exec-14] DEBUG g.p.s.r.t.bearer.BearerTokenReader - Token: nle37eh3dl7hnu1fnge4al46ttcoavnv
14.03.2018 12:03:22.928 [http-nio-8080-exec-14] DEBUG g.p.s.r.t.b.BearerTokenAuthenticationFailureHandler - Sending status code 401 and header WWW-Authenticate: Bearer error="invalid_token"
14.03.2018 12:03:22.928 [http-nio-8080-exec-14] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
14.03.2018 12:03:22.928 [http-nio-8080-exec-14] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
14.03.2018 12:03:26.108 [http-nio-8080-exec-9] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/api/login' matched by universal pattern '/**'
14.03.2018 12:03:26.108 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /api/login at position 1 of 12 in additional filter chain; firing Filter: 'SecurityRequestHolderFilter'
14.03.2018 12:03:26.108 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /api/login at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
14.03.2018 12:03:26.108 [http-nio-8080-exec-9] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No HttpSession currently exists
14.03.2018 12:03:26.108 [http-nio-8080-exec-9] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
14.03.2018 12:03:26.108 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /api/login at position 3 of 12 in additional filter chain; firing Filter: 'MutableLogoutFilter'
14.03.2018 12:03:26.108 [http-nio-8080-exec-9] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/login'; against '/logoff'
14.03.2018 12:03:26.108 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /api/login at position 4 of 12 in additional filter chain; firing Filter: 'GrailsUsernamePasswordAuthenticationFilter'
14.03.2018 12:03:26.108 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /api/login at position 5 of 12 in additional filter chain; firing Filter: 'RestAuthenticationFilter'
14.03.2018 12:03:26.108 [http-nio-8080-exec-9] DEBUG g.p.s.rest.RestAuthenticationFilter - Actual URI is /api/login; endpoint URL is /api/login
14.03.2018 12:03:26.108 [http-nio-8080-exec-9] DEBUG g.p.s.rest.RestAuthenticationFilter - Applying authentication filter to this request
14.03.2018 12:03:26.109 [http-nio-8080-exec-9] DEBUG g.p.s.r.c.DefaultJsonPayloadCredentialsExtractor - Extracted credentials from JSON payload. Username: , password: [PROTECTED]
14.03.2018 12:03:26.109 [http-nio-8080-exec-9] DEBUG g.p.s.rest.RestAuthenticationFilter - Trying to authenticate the request
14.03.2018 12:03:26.109 [http-nio-8080-exec-9] DEBUG o.s.s.a.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
14.03.2018 12:03:26.223 [http-nio-8080-exec-9] DEBUG o.s.s.a.h.RoleHierarchyImpl - getReachableGrantedAuthorities() - From the roles [ROLE_ADMIN] one can reach [ROLE_ADMIN] in zero or more steps.
14.03.2018 12:03:26.223 [http-nio-8080-exec-9] DEBUG g.p.s.rest.RestAuthenticationFilter - Request authenticated. Storing the authentication result in the security context
14.03.2018 12:03:26.223 [http-nio-8080-exec-9] DEBUG g.p.s.rest.RestAuthenticationFilter - Authentication result: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@f0f156db: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@4fad1751: Username: ; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff8868: RemoteIpAddress: ; SessionId: null; Granted Authorities: ROLE_ADMIN
14.03.2018 12:03:26.224 [http-nio-8080-exec-9] DEBUG g.p.s.rest.RestAuthenticationFilter - Generated token: grails.plugin.springsecurity.rest.token.AccessToken(accessToken:aqnlq9hiqhbb57usl4p3is7d9eaqnt5u, expiration:null, refreshToken:null, principal:grails.plugin.springsecurity.userdetails.GrailsUser@4fad1751: Username: ; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN, super:grails.plugin.springsecurity.rest.token.AccessToken@f0edeb3: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@4fad1751: Username: ; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN)
14.03.2018 12:03:26.224 [http-nio-8080-exec-9] DEBUG g.p.s.r.t.s.GormTokenStorageService - Storing principal for token: aqnlq9hiqhbb57usl4p3is7d9eaqnt5u
14.03.2018 12:03:26.224 [http-nio-8080-exec-9] DEBUG g.p.s.r.t.s.GormTokenStorageService - Principal: grails.plugin.springsecurity.userdetails.GrailsUser@4fad1751: Username: ; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN
14.03.2018 12:03:26.250 [http-nio-8080-exec-9] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - The HttpSession is currently null, and the HttpSessionSecurityContextRepository is prohibited from creating an HttpSession (because the allowSessionCreation property is false) - SecurityContext thus not stored for next request
14.03.2018 12:03:26.250 [http-nio-8080-exec-9] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
14.03.2018 12:03:26.450 [http-nio-8080-exec-15] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/api/userapi/getconfig' matched by universal pattern '/**'
14.03.2018 12:03:26.450 [http-nio-8080-exec-15] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 1 of 12 in additional filter chain; firing Filter: 'SecurityRequestHolderFilter'
14.03.2018 12:03:26.450 [http-nio-8080-exec-15] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
14.03.2018 12:03:26.450 [http-nio-8080-exec-15] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No HttpSession currently exists
14.03.2018 12:03:26.450 [http-nio-8080-exec-15] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
14.03.2018 12:03:26.450 [http-nio-8080-exec-15] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 3 of 12 in additional filter chain; firing Filter: 'MutableLogoutFilter'
14.03.2018 12:03:26.450 [http-nio-8080-exec-15] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/userapi/getconfig'; against '/logoff'
14.03.2018 12:03:26.450 [http-nio-8080-exec-15] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 4 of 12 in additional filter chain; firing Filter: 'GrailsUsernamePasswordAuthenticationFilter'
14.03.2018 12:03:26.450 [http-nio-8080-exec-15] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 5 of 12 in additional filter chain; firing Filter: 'RestAuthenticationFilter'
14.03.2018 12:03:26.450 [http-nio-8080-exec-15] DEBUG g.p.s.rest.RestAuthenticationFilter - Actual URI is /api/userAPI/getConfig; endpoint URL is /api/login
14.03.2018 12:03:26.450 [http-nio-8080-exec-15] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 6 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
14.03.2018 12:03:26.450 [http-nio-8080-exec-15] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 7 of 12 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
14.03.2018 12:03:26.450 [http-nio-8080-exec-15] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 8 of 12 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
14.03.2018 12:03:26.450 [http-nio-8080-exec-15] DEBUG g.p.s.w.f.GrailsAnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken@f23b2e68: Principal: org.springframework.security.core.userdetails.User@dc730200: Username: __grails.anonymous.user__; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff8868: RemoteIpAddress: ; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
14.03.2018 12:03:26.450 [http-nio-8080-exec-15] DEBUG o.s.security.web.FilterChainProxy - /api/userAPI/getConfig at position 9 of 12 in additional filter chain; firing Filter: 'RestTokenValidationFilter'
14.03.2018 12:03:26.451 [http-nio-8080-exec-15] DEBUG g.p.s.r.t.bearer.BearerTokenReader - Looking for bearer token in Authorization header, query string or Form-Encoded body parameter
14.03.2018 12:03:26.451 [http-nio-8080-exec-15] DEBUG g.p.s.r.t.bearer.BearerTokenReader - Found bearer token in Authorization header
14.03.2018 12:03:26.451 [http-nio-8080-exec-15] DEBUG g.p.s.r.t.bearer.BearerTokenReader - Token: aqnlq9hiqhbb57usl4p3is7d9eaqnt5u
14.03.2018 12:03:26.451 [http-nio-8080-exec-15] DEBUG g.p.s.r.RestTokenValidationFilter - Token found: aqnlq9hiqhbb57usl4p3is7d9eaqnt5u
14.03.2018 12:03:26.451 [http-nio-8080-exec-15] DEBUG g.p.s.r.RestTokenValidationFilter - Trying to authenticate the token
14.03.2018 12:03:26.451 [http-nio-8080-exec-15] DEBUG g.p.s.r.RestAuthenticationProvider - Use JWT: false
14.03.2018 12:03:26.451 [http-nio-8080-exec-15] DEBUG g.p.s.r.RestAuthenticationProvider - Trying to validate token aqnlq9hiqhbb57usl4p3is7d9eaqnt5u
14.03.2018 12:03:26.451 [http-nio-8080-exec-15] DEBUG g.p.s.r.t.s.GormTokenStorageService - Finding token aqnlq9hiqhbb57usl4p3is7d9eaqnt5u in GORM
14.03.2018 12:03:26.451 [http-nio-8080-exec-15] DEBUG g.p.s.r.t.s.GormTokenStorageService - Searching in GORM for UserDetails of token aqnlq9hiqhbb57usl4p3is7d9eaqnt5u
14.03.2018 12:03:26.455 [http-nio-8080-exec-15] DEBUG g.p.s.r.RestTokenValidationFilter - Authentication failed: User not found
14.03.2018 12:03:26.459 [http-nio-8080-exec-15] DEBUG g.p.s.r.t.bearer.BearerTokenReader - Looking for bearer token in Authorization header, query string or Form-Encoded body parameter
14.03.2018 12:03:26.459 [http-nio-8080-exec-15] DEBUG g.p.s.r.t.bearer.BearerTokenReader - Found bearer token in Authorization header
14.03.2018 12:03:26.460 [http-nio-8080-exec-15] DEBUG g.p.s.r.t.bearer.BearerTokenReader - Token: aqnlq9hiqhbb57usl4p3is7d9eaqnt5u
14.03.2018 12:03:26.460 [http-nio-8080-exec-15] DEBUG g.p.s.r.t.b.BearerTokenAuthenticationFailureHandler - Sending status code 401 and header WWW-Authenticate: Bearer error="invalid_token"
14.03.2018 12:03:26.460 [http-nio-8080-exec-15] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
14.03.2018 12:03:26.460 [http-nio-8080-exec-15] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
  • `14.03.2018 12:03:26.455 [http-nio-8080-exec-15] DEBUG g.p.s.r.RestTokenValidationFilter - Authentication failed: User not found` this line is self-explaining – injecteer Mar 15 '18 at 08:59
  • Yes, I can see it in the log and it is the problem. I mean, I can log in with the same user from the web application and it is working fine. But in the case of the mobile application (whose BE and DB are the same), it is authenticating the same user as ANONYMOUS. – Chiranjib Karn Mar 15 '18 at 12:20
  • The above line is the reason, which would mean that the lookup token is somehow wrong or misspelled – injecteer Mar 15 '18 at 13:00
  • Thanks for your comments. This issue has been fixed. It turned out the problem was in my custom CORS filter. – Chiranjib Karn Mar 16 '18 at 10:36
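
A triage helper for debug output in the format shown in the question, added here as an example and not code from the thread or from the plugin: it pairs each `Storing principal for token` line with a later `Authentication failed` on the thread that presented that token, separating tokens the server issued itself from tokens it never issued. Tokens are reported only as SHA-256 fingerprints, since the debug log itself prints bearer tokens in clear text; the sample lines, token values and function names are constructed for illustration.

```python
import hashlib
import re
from datetime import datetime

# Constructed sample in the log format from the question (placeholder tokens).
SAMPLE_LOG = """\
14.03.2018 12:03:22.558 [http-nio-8080-exec-10] DEBUG g.p.s.r.t.s.GormTokenStorageService - Storing principal for token: tokenAAAA1111
14.03.2018 12:03:22.889 [http-nio-8080-exec-14] DEBUG g.p.s.r.RestTokenValidationFilter - Token found: tokenAAAA1111
14.03.2018 12:03:22.912 [http-nio-8080-exec-14] DEBUG g.p.s.r.RestTokenValidationFilter - Authentication failed: User not found
14.03.2018 12:03:23.100 [http-nio-8080-exec-3] DEBUG g.p.s.r.RestTokenValidationFilter - Token found: tokenZZZZ9999
14.03.2018 12:03:23.120 [http-nio-8080-exec-3] DEBUG g.p.s.r.RestTokenValidationFilter - Authentication failed: User not found
"""

# timestamp, [thread], level, logger, " - ", message
LINE = re.compile(r"^(\S+ \S+) \[([^\]]+)\] \w+\s+\S+ - (.*)$")
ISSUED = re.compile(r"^Storing principal for token: (\S+)$")
PRESENTED = re.compile(r"^Token found: (\S+)$")
FAILED = re.compile(r"^Authentication failed: (.*)$")


def fingerprint(token):
    """Short, non-reversible label so reports never repeat a bearer token."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


def triage(log_text):
    """Return one finding per rejected token, in log order."""
    issued = {}     # token -> time the server stored it
    in_flight = {}  # worker thread -> token presented on that thread
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped or foreign lines are ignored
        ts = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S.%f")
        thread, msg = m.group(2), m.group(3)
        if (hit := ISSUED.match(msg)):
            issued[hit.group(1)] = ts
        elif (hit := PRESENTED.match(msg)):
            in_flight[thread] = hit.group(1)
        elif (hit := FAILED.match(msg)) and thread in in_flight:
            token = in_flight.pop(thread)
            issued_at = issued.get(token)
            findings.append({
                "token_fp": fingerprint(token),
                "thread": thread,
                "reason": hit.group(1),
                # Issued in this log and still rejected: the token string
                # arrived intact, so inspect storage lookup and the request
                # path in front of validation rather than the client.
                "verdict": ("issued-then-rejected" if issued_at
                            else "unknown-token-rejected"),
                "gap_ms": (round((ts - issued_at).total_seconds() * 1000)
                           if issued_at else None),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
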
