
Why is the GrantedAuthorities in UsernamePasswordAuthenticationToken empty?

I am stuck with this Java Spring Boot problem. I have filled the authorities: this.getAuthorities(user) in the return statement of the loadUserByUsername method, but when I print out the Authentication object it says that the Granted Authorities is empty:

    UsernamePasswordAuthenticationToken [Principal=mark, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]]

Does anyone have any idea?

Extra Info: User.getRole() == "Role_Default"

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = userRepository.findByUsername(username);
        if (user == null) throw new UsernameNotFoundException(username);
        return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), this.getAuthorities(user));
    }

    @GetMapping(path = "authenticated")
    @PreAuthorize("hasAuthority('ROLE_DEFAULT')")
    public User getAuthenticatedUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        System.out.println(auth);
        User user = this.getUserByUsername(auth.getPrincipal().toString());
        return user;
    }

    private Collection<GrantedAuthority> getAuthorities(User user) {
        Collection<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority(user.getRole()));
        return authorities;
    }

I experienced this problem as well. I have a custom UserCredentials implementing org.springframework.security.core.userdetails.UserDetails with a getAuthorities() implementation returning values, but nothing worked; the authorities array was empty:

    o.s.s.w.a.i.FilterSecurityInterceptor:317 - Re-authenticated UsernamePasswordAuthenticationToken [Principal=dto.UserCredentials@585027b7, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]] before authorizing

The problem was that my implementation of AuthenticationProvider was wrong; it returned:

    new UsernamePasswordAuthenticationToken(userCredentials, authentication, Collections.emptyList());

Instead of the correct:

    new UsernamePasswordAuthenticationToken(userCredentials, authentication, userCredentials.getAuthorities());
