SecurityContextHolder.getContext().getAuthentication() returning null

Solution 1

So, I found the actual problem! The issue was that I had marked the whole controller with security="none" in the security-context.xml. So, when it was bounced from the first link to the 2nd, it didn't pass any security context with it!! Sorry for the trouble, guys.

Solution 2

Additional Answer: If you want to get logged-in user details for a non-secured url then you can add them to secured urls and assign as "permitAll" like this:

<http>
    <!-- ... -->

    <intercept-url pattern="/your/url/**" access="permitAll"/>

    <!-- ... -->
</http>

Then, you will be able to check the logged-in user if logged-in or get the credentials.
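
The two settings from Solutions 1 and 2 side by side, as an added example that is not part of the original answers. The `<form-login/>` element and the catch-all rule are assumptions for illustration, and an `<authentication-manager>` is assumed to be defined elsewhere in the same file.

```xml
<!-- Fragment of security-context.xml (constructed example).
     /your/url/** is the placeholder pattern used in the answer above. -->

<!-- BEFORE: the setting described in Solution 1, shown commented out.
     security="none" gives the pattern an empty filter chain: no filter
     restores the SecurityContext from the HTTP session, so
     SecurityContextHolder.getContext().getAuthentication() returns null
     even when the session already holds SPRING_SECURITY_CONTEXT.
     No other Spring Security filter runs for these requests either. -->
<!--
<http pattern="/your/url/**" security="none"/>
-->

<!-- AFTER: keep the URL inside the filter chain and open it with an
     access rule instead. The filters still run, so the context stored
     in the session is restored for every request to this pattern. -->
<http use-expressions="true">
    <!-- Public, but still processed by the security filters -->
    <intercept-url pattern="/your/url/**" access="permitAll"/>

    <!-- Assumption: everything else requires a logged-in user -->
    <intercept-url pattern="/**" access="isAuthenticated()"/>

    <!-- Assumption: stand-in for the application's own login mechanism -->
    <form-login/>
</http>
```

With the `permitAll` form, a visitor who has not logged in normally appears as an `AnonymousAuthenticationToken` rather than `null`, so check for that before treating the principal as a logged-in user.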

Solution 3

Your localUser is null. So the auth becomes null. So no authentication object has been added to the security context.

Please have a look at the doc

http://docs.spring.io/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/userdetails/User.html

It is better to have a customUserDetailsService

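public class CustomUserDetailsService implements UserDetailsService {
    // Implement the method which returns a UserDetails object
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Look up the user in your own user store and return it here
        throw new UsernameNotFoundException(username);
    }
}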

then you can use

UserDetails userDetails = customUserDetailsService.loadUserByUsername("name");
Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);

Author: Rajesh Wadhwa

Updated on July 10, 2022

Comments

  • Rajesh Wadhwa
    Rajesh Wadhwa almost 2 years

    I want to manually bypass the user from Spring Security using the following code:

    User localeUser = new User();
    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(localeUser, null, localeUser.getAuthorities());
    SecurityContext securityContext = SecurityContextHolder.getContext();
    securityContext.setAuthentication(auth);
    // Create a new session and add the security context.
    HttpSession session = request.getSession(true);
    session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
    return "dummyLogin";
    

    The dummy login page (handled by Tiles) internally calls a different request mapping in the same controller, where I am trying to get the Authentication, something like this:

    SecurityContextHolder.getContext().getAuthentication()
    

    Where I am getting null?

    • Selva
      Selva about 10 years
      You are passing an empty User object to the UsernamePasswordAuthenticationToken constructor. Maybe that is the reason you are getting null.
    • Dave Syer
      Dave Syer about 10 years
      Also a null password (I think that's also illegal). Maybe if you show the stack trace?
    • hi_my_name_is
      hi_my_name_is about 10 years
      Password can be null. I would rather check whether the session is the same after you create it and in the code which runs getAuthentication. Log your session.getId() to check it.
    • Jay
      Jay about 10 years
      Do you want to bypass the security only for some particular pages, for a particular user, or for all?
    • Rajesh Wadhwa
      Rajesh Wadhwa about 10 years
      I want to bypass for all the pages for that particular session ID (user).
    • Rajesh Wadhwa
      Rajesh Wadhwa about 10 years
      Also, I checked the session ID in both the requests! It's the same. Can't get the problem.
  • Rajesh Wadhwa
    Rajesh Wadhwa about 10 years
    localUser is not null! It's a custom user object of the application which, on initialization, self-created the IDs and details in it.
  • Andrei Suvorkov
    Andrei Suvorkov almost 6 years
    You don't have to comment it. Instead, could you add your comment to the answer?
  • Asraful
    Asraful over 5 years
    Helped me to solve my issue. I put a certain URL pattern in the ignore configuration, and the result was a null security context in those controllers. Removing it from the ignore configuration makes this controller secure, and I eventually get the security context as desired.
  • testing_22
    testing_22 almost 2 years
    The first sentence is so right on point in my case. It should be highlighted.