CODEWITHSUNDEEP
javajakarta-eespring-security
user3594045
user3594045

Reputation: 43

Why can't spring security get a username?

I am using spring security, and I can't seem to see if a user has successfully logged in to save my life and then get the actual user name. The 'spring' (SecurityContextHolder) and 'J2EE' (request.getUserPrincipal()) way both return nulls.

My web.xml

  <filter>
    <filter-name>AuthFilter</filter-name>
    <filter-class>com.company.security.AuthFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>AuthFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
....
  <servlet>
    <servlet-name>agent-desktop</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>agent-desktop</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>

Spring config:

<mvc:resources mapping="/r/**" location="/resources/" />

Spring security config:

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <http auto-config="true">
        <intercept-url pattern="/agent/**" access="ROLE_USER" />
        <intercept-url pattern="/supervisor/**" access="ROLE_USER" />
        <form-login login-page="/r/views/login.html" default-target-url="/dashboard" authentication-failure-url="/r/views/loginfailed.html" />
        <logout logout-success-url="/logout" />
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="admin" password="pw123" authorities="ROLE_USER, ROLE_ADMIN" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

Here is my filter code:

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpSession session = req.getSession();
     Authentication auth = SecurityContextHolder.getContext().getAuthentication();
     if(auth != null)
     {
      String name = auth.getName(); //get logged in username
          System.out.println("name:"+name);
      User user = (User)auth.getPrincipal();
      if(user != null)
          System.out.println("user:"+user.getUsername());
     }
    if(req.getUserPrincipal() != null) // someone has logged in - IT IS ALWAYS NULL
        {
              /// IT NEVER GETS IN HERE!!!!!!!!!!

Upvotes: 0

Views: 1089

Answers (2)

Kris
Kris

Reputation: 133

Use this code in web.xml instead of the filter.

<!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
                  org.springframework.web.filter.DelegatingFilterProxy
                </filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

To get the login user details have a separate class like this

public class AccountUtils {
    public static Authentication getAuthentication() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    public static UserAccount getLoginUserAccount() {
        if (getAuthentication() != null && getAuthentication().getPrincipal() instanceof UserAccount) {
            return (UserAccount)getAuthentication().getPrincipal();
        }
        return null;
    }

    public static String getLoginUserId() {
        UserAccount account = getLoginUserAccount();
        return (account == null) ? null : account.getUserId();
    }

    private AccountUtils() {}
}

Upvotes: 0

Sudarshan
Sudarshan

Reputation: 8664

I suspect you have missed out including a filter in your web.xml. You might want to read up on how to configure spring security from here

 <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

Upvotes: 1

Related Questions