[英]Spring Security 4 @AuthenticationPrincipal empty with core.annotation.AuthenticationPrincipal but not web.bind.annotation.AuthenticationPrincipal
我最近剛剛從 Spring Security 3 升級到 4,控制器中的@AuthenticationPrincipal
注釋輸入參數現在是空的。 我設法通過使用已棄用的org.springframework.security.web.bind.annotation.AuthenticationPrincipal
來解決它,但是當使用org.springframework.security.core.annotation
包中的那個時,它是空的。
如果我這樣做,它也會起作用:
User activeUser = (User) ((Authentication) principal).getPrincipal();
我盡可能地遵循遷移指南。
這是我的spring-security.xml
:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<!-- enable use-expressions -->
<http auto-config="false" use-expressions="true">
<intercept-url pattern="/secure/admin**" access="hasAnyRole('ROLE_ADMIN', 'ROLE_SUPER_ADMIN')" />
<intercept-url pattern="/secure/admin/**" access="hasAnyRole('ROLE_ADMIN', 'ROLE_SUPER_ADMIN')" />
<intercept-url pattern="/secure/user**" access="isAuthenticated()" />
<intercept-url pattern="/secure/user/**" access="isAuthenticated()" />
<intercept-url pattern="/**" access="permitAll" />
<form-login login-page="/login"
authentication-success-handler-ref="redirectRoleStrategy"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password"
login-processing-url="/auth/login_check" />
<logout logout-success-url="/login?logout" delete-cookies="JSESSIONID" />
<csrf disabled="true" />
</http>
<beans:bean id='userDetailsService' class='com.myproject.security.UserDetailsServiceImpl' />
<beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>
<beans:bean id='authenticationManager' class='org.springframework.security.authentication.ProviderManager'>
<beans:constructor-arg>
<beans:list>
<beans:ref bean='authenticationProvider' />
</beans:list>
</beans:constructor-arg>
</beans:bean>
<!-- Select users and user_roles from database -->
<authentication-manager>
<authentication-provider user-service-ref='userDetailsService'>
<password-encoder ref="encoder" />
</authentication-provider>
</authentication-manager>
<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="10" />
</beans:bean>
<beans:bean id="redirectRoleStrategy" class="com.myproject.security.RoleBasedAuthenticationSuccessHandler">
<beans:property name="roleUrlMap">
<beans:map>
<beans:entry key="ROLE_ADMIN" value="/secure/admin"/>
<beans:entry key="ROLE_SUPER_ADMIN" value="/secure/admin"/>
</beans:map>
</beans:property>
</beans:bean>
我只是想通了。 它確實是Spring Security 已棄用的 @AuthenticationPrincipal 的副本。 不幸的是,從未設法找到那個帖子。
我變了
<mvc:annotation-driven>
<mvc:argument-resolvers>
<bean class="org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver" />
</mvc:argument-resolvers>
</mvc:annotation-driven>
到
<mvc:annotation-driven>
<mvc:argument-resolvers>
<bean class="org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver" />
</mvc:argument-resolvers>
</mvc:annotation-driven>
在我的 applicationContext.xml 中。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.