stackoom
  简体   繁体   中英

@AuthenticationPrincipal return empty User

 原文  2016-12-08 22:11:59       java/ spring/ spring-mvc/ spring-security

Question

I have this controller where I save the post information associated with the currently authenticated user: 

@PostMapping("/create")
    public String processPost(
            @CurrentUser User activeUser,
            @ModelAttribute @Valid Post post, 
            Errors errors){
        if(errors.hasErrors()){
            return "admin/post/create";
        }
        User user2 = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        logger.info("Información del usuario mediate @CurrentUser: " + activeUser.toString());
        logger.info("Información del usuario mediate SecurityContextHolder: " + user2.toString());
        post.setAuthor(activeUser);
        postService.create(post);
        return "redirect:/admin/posts/all";
    }

@CurrentUser definition is here: 

package services.security;

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.springframework.security.core.annotation.AuthenticationPrincipal;

/**
 *
 * @author sergio
 */
@Target({ElementType.PARAMETER, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
@AuthenticationPrincipal
public @interface CurrentUser {}

When the controller is executed the user obtained by @AuthenticationPrincipal is empty and the one obtained by SecurityContextHolder contains all the information: 

2016-12-10 19:37:52 INFO  PostController:62 - Información del usuario mediate @CurrentUser: User{id=null, username=null, passwordClear=null, confirmPassword=null, password=null, email=null, enabled=true, fullName=null, posts=[]}
2016-12-10 19:37:52 INFO  PostController:63 - Información del usuario mediate SecurityContextHolder: User{id=1, username=sergio11, passwordClear=null, confirmPassword=null, password=$2a$10$LJvYTNacIvqZWDQWjF7xaeheK1MrF.FkXxovb2QgcF2CMudA1mM/., email=sss4esob@gmail.com, enabled=true, fullName=Sergio Sánchez Sánchez, posts=[]}

As I understand using @EnableWebSecurity already enable in the context the resolver argument for the @AuthenticationPrincipal

My Spring Security Configuration is this: 

package config.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import services.security.CustomUserDetailsService;
/**
 *
 * @author sergio
 */
@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = CustomUserDetailsService.class)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;
    @Autowired
    private DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher;

    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
         auth
            .authenticationEventPublisher(defaultAuthenticationEventPublisher)
            .userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/admin/signup").anonymous()
                .antMatchers("/admin/**").authenticated()
                .anyRequest().permitAll()
                .and()
                .formLogin().loginPage("/admin/login").permitAll()
                .usernameParameter("username").passwordParameter("password")
                .and()
                .logout()
                    .logoutRequestMatcher(new AntPathRequestMatcher("/admin/logout"))
                    .logoutSuccessUrl("/admin/login?logout")
                .and()
                .exceptionHandling().accessDeniedPage("/403")
                .and()
                .csrf();
    }

    @Bean
    public DefaultAuthenticationEventPublisher authenticationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
    }
}

I am using Spring Security 4.2.0.RELEASE

thanks :)

2 answers

solution1
 1 ACCPTED  2016-12-14 09:05:03

This issue is because DelegatingFlashMessagesConfiguration from CustomFlashMessagesConfigurer eagerly initializes the handlerExceptionResolver which prevents the AuthenticationPrincipalArgumentResolver from being registered until after Spring MVC has constructed the DispatcherServlets custom argument resolvers.

Therefore I have changed: 

@Configuration
@EnableWebMvc
@ComponentScan(value = { "controllers", "services", "listeners" })
@Import(value = { ThymeleafConfig.class, i18nConfig.class, CustomFlashMessagesConfigurer.class })
public class WebConfig extends WebMvcConfigurerAdapter

For this another: 

@Configuration
@ComponentScan(value = { "controllers", "services", "listeners" })
@Import(value = { ThymeleafConfig.class, i18nConfig.class, CustomFlashMessagesConfigurer.class })
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter

This solves the problem.

solution2
 0  2016-12-08 22:15:43

The error message is quite clear. Your CustomerUserDetails object sounds to be an entity object. Add a default constructor in it: 

public class CustomUserDetails extends User implements UserDetails {
//..
   public CustomUserDetails(){}
//..
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AuthenticationPrincipal returns empty UserDetails object Spring Security 4 @AuthenticationPrincipal empty with core.annotation.AuthenticationPrincipal but not web.bind.annotation.AuthenticationPrincipal ReactiveSecurityContextHolder.getContext() is empty but @AuthenticationPrincipal works Use @AuthenticationPrincipal with JwtAuthenticationToken to use own user class @AuthenticationPrincipal doesn't show the authenticated user When send login request user be null for @AuthenticationPrincipal Why does @AuthenticationPrincipal return the Authentication instead of the principal object? SQL search to return if several user inputs are empty @AuthenticationPrincipal UserModel user is always Null. I tried many solution methods What is the point of @AuthenticationPrincipal annotation?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM