SecurityContextHolder.getContext().getAuthentication() returning null
Solution 1
So, I found the actual problem! The issue was that I had marked the whole controller with security="none" in the security-context.xml. So, when it was bounced from the first link to the 2nd, it didn't pass any security context with it!! Sorry for the trouble, guys.
Solution 2
Additional Answer: If you want to get logged-in user details for a non-secured url then you can add them to secured urls and assign as "permitAll" like this:
<http>
//...
<intercept-url pattern="/your/url/**" access="permitAll"/>
//...
</http>
Then, you will be able to check the logged-in user if logged-in or get the credentials.
Solution 3
Your localUser is null.So the auth become null.So no authentication object has been added to the security context.
Please have look at the doc
It is better to have a customUserDetailsService
public class CustomUserDetailsService implements UserDetailsService
//implement the method which return a UserDetails Object
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException
then you can use
UserDetails userDetails= customUserDetailsService.loadUserByUsername("name");
Authentication authentication= new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()) ;
SecurityContextHolder.getContext().setAuthentication(authentication);
Related videos on Youtube
Rajesh Wadhwa
Updated on July 10, 2022Comments
-
Rajesh Wadhwa almost 2 years
I want to manually bypass the user from spring Security using the following code:
User localeUser = new User(); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(localeUser ,null, localeUser .getAuthorities()); SecurityContext securityContext = SecurityContextHolder.getContext(); securityContext.setAuthentication(auth); // Create a new session and add the security context. HttpSession session = request.getSession(true); session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext); return "dummyLogin";
The dummy login page(handled by tiles)internally calls a different Request Mapping in the same controller where i am trying to get the Authentication something like this.
SecurityContextHolder.getContext().getAuthentication()
Where i am getting null?
-
Selva about 10 yearsYou are passing an empty User object to UsernamePasswordAuthenticationToken constructor. May be that is the reason you are getting null.
-
Dave Syer about 10 yearsAlso a null password (I think that's also illegal). Maybe if you show the stack trace?
-
hi_my_name_is about 10 yearspassword can be null, I would rather check if session is the same after you create it and in code which run getAuthentication. Log your session.getId() to check it.
-
Jay about 10 yearsDo you want to bypass the security only for some particular pages or particular user or for all ?
-
Rajesh Wadhwa about 10 yearsI want to bypass for all the pages for that particular session Id(User)
-
Rajesh Wadhwa about 10 yearsAlso i checked the session ID in both the requests !its the same.Cant get the problem
-
-
Rajesh Wadhwa about 10 yearslocalUser is not null!.its a custom user object of the application which on initialization self created the Ids and Details in it.
-
Andrei Suvorkov almost 6 yearsYou don't have to comment it. Instead could you add your commnet to answer
-
Asraful over 5 yearshelped me to solve my issue , i put certain url pattern in ignore configuration , and result is null security context in those controller , removing from ignore configuration makes this controller as secure , eventually get the security context as desired
-
testing_22 almost 2 yearsThe first sentence is so right on point in my case. It should be highlighted