Spring Security 當進入登入頁面時，出現org.springframework.security.access.AccessDeniedException: Access is denied錯誤

在使用Spring Security時，我們通常會允許任何使用者可進入登入頁面（例如login.jsp），所以通常對/login.jsp的存取權限設定如下。

<http>
  <intercept-url pattern="/login.jsp" access="permitAll" />
  ...
</http>

但儘管access已設為permitAll了，但每次系統啟動時在console的log DEBUG訊息都會看到如下錯誤。

13:48:15.157 [http-nio-8080-exec-2] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
 at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
 at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
 at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
 at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)

但根據官網的說明，這是正常現象所以不用擔心。

參考：

• Spring Security 預設登入及登出頁面如何產生 how default login logout page generate
• Spring Boot Security 自訂登出重新導向路徑 custom logout success redirect url
• Spring Boot + Spring Security 基本配置設定教學
• Spring Security <form-login> 屬性 login-processing-url