Reputation: 1789
Sprint Rest AuthenticationPrincipal returns customUser with only null values
I am trying to get the currently logged in user (basic auth) in a spring boot REST backend:
@RequestMapping(value = "/someURL", method = RequestMethod.GET)
public @ResponseBody Map someMethod(
Authentication auth, // <==== works
@AuthenticationPrincipal(expression = "liquidoUserModel") UserModel liquidoUserModel
)
{
log.debug(auth.getPrincipal()) // <==== THIS WORKS
log.debug(liquidoUserModel) // <==== returns an intance with empty fields
}
Here is my custom UserModel
@Data // Lombok magic for all the getters and setters
@Entity
@RequiredArgsConstructor
@Table(name = "users")
public class UserModel {
@Id
Long id;
@NonNull
@Column(unique = true)
public String email;
[...]
}
And this is my UserDetailsService
public class LiquidoUserDetailsService implements UserDetailsService {
@Autowired
UserRepo userRepo;
@Override
public LiquidoAuthUser loadUserByUsername(String email) throws UsernameNotFoundException {
UserModel userModel = userRepo.findByEmail(email);
return new LiquidoAuthUser(userModel.getEmail(), userModel.getPasswordHash(), getGrantedAuthorities(userModel), userModel);
}
}
And finally the LiquidoAuthUser
public class LiquidoAuthUser extends User {
private UserModel liquidoUserModel;
public LiquidoAuthUser(String username, String password, Collection<? extends GrantedAuthority> authorities, UserModel liquidoUserModel) {
super(username, password, authorities);
this.liquidoUserModel = liquidoUserModel;
}
public UserModel getLiquidoUserModel() {
return liquidoUserModel;
}
public void setLiquidoUserModel(UserModel userModel) {
this.liquidoUserModel = userModel;
}
}
And of course I have the @EnableWebMvc annotation on my main SpringApplication class.
My problem: How can I get the currently authenticated custom UserModel in the REST handler?
The strange thing: I actually can get my custom user from the Authentication auth object. Why does the @AuthenticationPrincipal not work?
I am using spring-security-4.1.3-RELEASE
Full code is open source at https://github.com/Doogiemuc/liquido-backend-spring
Upvotes: 1
Views: 261
Answers (1)
Reputation: 163
I tried and debug your code but not able to find issue of
@AuthenticationPrincipal. Typically this annotation is resolved by AuthenticationPrincipalArgumentResolver class of spring security web annotation. By using @EnableWebSecurity you will automatically have this added to your Spring MVC configuration. Need to be debug more on AuthenticationPrincipalArgumentResolver that for time being I will suggest go with Authentication class and get your object.
Upvotes: 1
Related Questions
- SecurityContextHolder.getPrincipal() returns AnonimousUser after authentication using Spring Security
- getPrincipal() method returning username instead of UserDetails
- AuthenticationPrincipal returns empty UserDetails object
- Spring Boot not returning username using CustomAuthenticationProvider
- Spring security authentication fails with Custom user
- Null @AuthenticationPrincipal and PreAuthorized not working Spring Boot 2 / Security 5
- Spring security with @RestController - JSONish CustomAuthenticationProvider response
- Spring Security request.getUserPrincipal() always null
- @AuthenticationPrincipal return empty User
- Spring Security getPrincipal() method returns anonymousUser