Spring Boot Security Anonymous authorization

java spring spring-mvc spring-security spring-boot
12,681

You are getting null with:

SecurityContextHolder.getContext().getAuthentication()

because you are not authenticating within you security configuration.

You can add a simple: 

.authenticated()                                                 
            .and()
        // ...
        .formLogin();

in case you're using form login.

Now after you'll authenticate each request you suppose to get something other than null.

Here's an example from Spring Security docs:

protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()                                                                
            .antMatchers("/resources/**", "/signup", "/about").permitAll()                  
            .antMatchers("/admin/**").hasRole("ADMIN")                                      
            .antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")            
            .anyRequest().authenticated()                                                   
            .and()
        // ...
        .formLogin();
}
Share:
12,681
user1935987
Author by

user1935987

Updated on June 07, 2022

Comments

  • user1935987
    user1935987 almost 2 years

    For multiple purposes I need to use

    SecurityContextHolder.getContext().getAuthentication()

    methods in my controllers/services.

    I did migrate my app to Spring Boot 1.4.1 from XML configured Spring MVC app (now only Java configs), similar approach worked before.

    I have a problem calling SecurityContextHolder.getContext().getAuthentication(), for example in this controller:

    @RestController
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
@RequestMapping("utils")
public class UtilsController {
    @RequestMapping(value = "/check_auth", method = RequestMethod.GET)
    public Boolean getAuthState() throws SQLException {
        if (SecurityContextHolder.getContext().getAuthentication() == null){
            logger.info("Auth obj null");
        }

        if (SecurityContextHolder.getContext().getAuthentication().getName() != null &&  SecurityContextHolder.getContext().getAuthentication().getName() != "anonymousUser") {
            return true;
        } else return false;
    }
}

    it always returns null. Can't figure out why anonymous authentication is not working.

    Here is the Spring Security configuration:

        @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint).and()
                .formLogin()
                    .successHandler(ajaxSuccessHandler)
                    .failureHandler(ajaxFailureHandler)
                    .loginProcessingUrl("/authentication")
                    .passwordParameter("password")
                    .usernameParameter("username")
                    .and()
                .logout()
                    .deleteCookies("JSESSIONID")
                    .invalidateHttpSession(true)
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/")
                    .and()
                .csrf().disable()
                    // .anonymous().disable()
                .authorizeRequests()
                    // .anyRequest().anonymous()
                    .antMatchers("/utils").permitAll()
                    .antMatchers("/oauth/token").permitAll()
                    .antMatchers("/admin/*").access("hasRole('ROLE_ADMIN')")
                    .antMatchers("/user/*").access("hasRole('ROLE_USER')");
    }

    I did tried with and without @Secured annotation on the controller.

                    .authorizeRequests()
                    // .anyRequest().anonymous()
                    .antMatchers("/utils").permitAll()

    different variations with this settings.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

how to achieve Ldap Authentication using spring security(spring boot)
Spring security 401 Unauthorized even with permitAll
Java Spring Security - User.withDefaultPasswordEncoder() is deprecated?
Spring boot - return 403 Forbidden instead of redirect to login page
Java + Spring Boot: I am trying to add CacheControl header to ResponseEntity
Spring Security/Spring Boot - How to set ROLES for users
How to disable csrf in Spring using application.properties?
Disable Spring Security config class for @WebMvcTest in Spring Boot
Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web - Annotations
How to enable HTTP response caching in Spring Boot