shameem_z

Reputation: 71

Spring Security: SecurityContextHolder.getContext().getAuthentication() returns null on Wicket Page

I am using Spring MVC (for REST), Spring Security 3 and Apache Wicket (UI) on Google App Engine. Everything is working fine except that I am having trouble getting the Authentication on the Wicket Page through the SecurityContextHolder after login.

I have googled this issue, but nothing I found seems to work for me. I suspect something is wrong with my web.xml. Can anyone please help? Thanks.

I am using the tutorials for Spring Security on Google App Engine from http://blog.springsource.org/2010/08/02/spring-security-in-google-app-engine/

Here is my web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app>
<display-name>MTP Portal</display-name>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/mtp-web-servlet.xml, /WEB-INF/mtp-web-security-context.xml
    </param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>mtp-web</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
</servlet>

<servlet-mapping>
    <servlet-name>mtp-web</servlet-name>
    <url-pattern>/api/*</url-pattern>
</servlet-mapping>

<filter>
    <filter-name>WicketApp</filter-name>
    <filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
    <init-param>
        <param-name>applicationFactoryClassName</param-name>
        <param-value>org.apache.wicket.spring.SpringWebApplicationFactory</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>WicketApp</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

</web-app>

Here is my spring security config:

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
     xmlns:b="http://www.springframework.org/schema/beans"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<global-method-security pre-post-annotations="enabled"/>

<http pattern="/images/**" security="none"/>
<http pattern="/css/**" security="none"/>
<http pattern="/js/**" security="none"/>
<http pattern="/api/**" security="none"/>
<http pattern="/favicon.ico" security="none"/>
<http pattern="/disabled" security="none"/>

<http use-expressions="true" entry-point-ref="gaeEntryPoint" auto-config="true">
    <intercept-url pattern="/" access="permitAll"/>
    <intercept-url pattern="/api/**" access="permitAll"/>
    <intercept-url pattern="/admin/logout" access="permitAll"/>
    <intercept-url pattern="/register" access="hasRole('NEW_USER')"/>
    <intercept-url pattern="/admin/**" access="hasRole('ADMIN')"/>
    <custom-filter position="PRE_AUTH_FILTER" ref="gaeFilter"/>
</http>

<b:bean id="gaeEntryPoint"
        class="com.peerbuccoss.apps.mtp.web.authentication.impl.GoogleAccountsAuthenticationEntryPoint"/>

<b:bean id="gaeFilter" class="com.peerbuccoss.apps.mtp.web.authentication.filter.GaeAuthenticationFilter">
    <b:property name="authenticationManager" ref="authenticationManager"/>
    <b:property name="failureHandler">
        <b:bean class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
            <b:property name="exceptionMappings">
                <b:map>
                    <b:entry key="org.springframework.security.authentication.DisabledException"
                             value="/disabled"/>
                </b:map>
            </b:property>
        </b:bean>
    </b:property>
</b:bean>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="gaeAuthenticationProvider"/>
</authentication-manager>

<b:bean id="gaeAuthenticationProvider"
        class="com.peerbuccoss.apps.mtp.web.authentication.provider.GoogleAccountsAuthenticationProvider"/>

</b:beans>

Upvotes: 0

Views: 4950

Answers (1)

Rob Winch

Reputation: 21720

I'm not sure what URL is failing to obtain the SecurityContext (perhaps you can provide an example URL), but the SecurityContext will not be populated for any URL that is mapped to security="none". This is because security="none" instructs Spring Security to ignore this URL entirely. If you need to access the SecurityContext on a URL that is allowed for every user, then you need to use permitAll.

PS: If this does not help, you might provide an example URL that you are having trouble with getting the Authentication. You might also provide details on what you mean by "having trouble in getting the Authentication on the Wicket Page" (i.e. is it null, throwing an Exception, etc.).

Upvotes: 1
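
The difference between security="none" and permitAll described in the answer, shown on the `<http>` section of the question's security config. This is an added example, not part of the original post or answer; it takes /api/** as the URL that needs the Authentication, which is an assumption since the question does not say which URL fails. The enclosing `<b:beans>` element and the bean definitions are unchanged from the question.

```xml
<!-- security="none": no Spring Security filter runs for these requests, so the
     SecurityContext is never loaded from the session and
     SecurityContextHolder.getContext().getAuthentication() returns null, even
     for a user who has already logged in. Reserve it for static resources,
     where no code asks who the caller is. -->
<http pattern="/images/**" security="none"/>
<http pattern="/css/**" security="none"/>
<http pattern="/js/**" security="none"/>
<http pattern="/favicon.ico" security="none"/>
<http pattern="/disabled" security="none"/>

<!-- Before (as in the question): <http> elements are tried in the order they
     are declared, so this element matched every /api/** request first and the
     permitAll rule for /api/** further down was never reached.

     <http pattern="/api/**" security="none"/>
-->

<!-- After: with that element removed, /api/** falls through to the main chain.
     permitAll still lets every caller in, but the filters run, so the
     SecurityContext is populated:
       * logged-in user: the Authentication produced by gaeFilter
       * anyone else:    an AnonymousAuthenticationToken (anonymous
                         authentication is on by default in <http>), not null
     Method security (@PreAuthorize, enabled by global-method-security) on
     code reached through /api/** now has an Authentication to evaluate. -->
<http use-expressions="true" entry-point-ref="gaeEntryPoint" auto-config="true">
    <intercept-url pattern="/" access="permitAll"/>
    <intercept-url pattern="/api/**" access="permitAll"/>
    <intercept-url pattern="/admin/logout" access="permitAll"/>
    <intercept-url pattern="/register" access="hasRole('NEW_USER')"/>
    <intercept-url pattern="/admin/**" access="hasRole('ADMIN')"/>
    <custom-filter position="PRE_AUTH_FILTER" ref="gaeFilter"/>
</http>
```

Page code that reads the Authentication under permitAll should treat an anonymous token as "not logged in" rather than checking only for null.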
