Java SecurityContextHolder.getContext().getAuthentication() 返回 null
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22191386/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
SecurityContextHolder.getContext().getAuthentication() returning null
提问by Rajesh Wadhwa
I want to manually bypass the user from spring Security using the following code:
我想使用以下代码从 spring Security 手动绕过用户:
User localeUser = new User();
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(localeUser ,null, localeUser .getAuthorities());
SecurityContext securityContext = SecurityContextHolder.getContext();
securityContext.setAuthentication(auth);
// Create a new session and add the security context.
HttpSession session = request.getSession(true);
session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
return "dummyLogin";
The dummy login page(handled by tiles)internally calls a different Request Mapping in the same controller where i am trying to get the Authentication something like this.
虚拟登录页面(由磁贴处理)在同一控制器中内部调用不同的请求映射,我试图在其中获取类似这样的身份验证。
SecurityContextHolder.getContext().getAuthentication()
Where i am getting null?
我在哪里得到空?
采纳答案by Rajesh Wadhwa
So i found the actual problem!. The issue was that i had marked the whole controller with security="none" in the security-context.xml. So when it was bounced from the first link to the 2nd it dint pass any security context with it!! Sorry fr the trouble guys.
所以我发现了实际问题!问题是我在 security-context.xml 中用 security="none" 标记了整个控制器。因此,当它从第一个链接反弹到第二个链接时,它不会传递任何安全上下文!对不起,麻烦各位。
回答by RPaul
Your localUser is null.So the auth become null.So no authentication object has been added to the security context.
您的 localUser 为 null.So auth 变为 null.So 没有身份验证对象已添加到安全上下文。
Please have look at the doc
请查看文档
It is better to have a customUserDetailsService
最好有一个 customUserDetailsService
public class CustomUserDetailsService implements UserDetailsService
//implement the method which return a UserDetails Object
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException
then you can use
然后你可以使用
UserDetails userDetails= customUserDetailsService.loadUserByUsername("name");
Authentication authentication= new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()) ;
SecurityContextHolder.getContext().setAuthentication(authentication);
回答by Bahadir Tasdemir
Additional Answer:If you want to get logged-in user details for a non-secured url then you can add them to secured urls and assign as "permitAll" like this:
附加答案:如果您想获取非安全 url 的登录用户详细信息,则可以将它们添加到安全 url 并分配为“permitAll”,如下所示:
<http>
//...
<intercept-url pattern="/your/url/**" access="permitAll"/>
//...
</http>
Then, you will be able to check the logged-in user if logged-in or get the credentials.
然后,您将能够检查登录用户是否已登录或获取凭据。
回答by jagadish Beejapu
Try this:
尝试这个:
Authentication authentication=SecurityContextHolder.getContext().getAuthentication();
localeUser .setUserNm(authentication.getName());
