Zibrash
Reputation: 23
Principal is null: Spring
I have the following @RestContoller for login:
@RequestMapping("/account/login")
@ResponseBody
@CrossOrigin(origins = "*", maxAge = 3600)
public Principal login(Principal principal) {
logger.info("user logged " + principal.getName());
return principal;
}
I have the following request made by client which is an Angularjs application.
Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,fa;q=0.8,it;q=0.7
Authorization: Basic bWVocmRhZGFsbGFoa2FyYW1pQGdtYWlsLmNvbTptZWhyZGFk
Connection: keep-alive
DNT: 1
Host: localhost:8080
Origin: http://localhost:4200
Referer: http://localhost:4200/login
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36
However I get 200 in response, the server prints null and the client get error in response:
HttpErrorResponse {headers: HttpHeaders, status: 400, statusText: "OK", url: "http://localhost:8080/account/login", ok: false, …}error: {timestamp: 1540136257516, status: 400, error: "Bad Request", exception: "org.springframework.web.bind.ServletRequestBindingException", message: "Missing request header 'header' for method parameter of type Header", …}headers: HttpHeaders {normalizedNames: Map(0), lazyUpdate: null, lazyInit: ƒ}message: "Http failure response for http://localhost:8080/account/login: 400 OK"name: "HttpErrorResponse"ok: falsestatus: 400statusText: "OK"url: "http://localhost:8080/account/login"__proto__: HttpResponseBase
Can anyone help me know where do I wrong? It was working before, but I used interceptors in Angular and it is not working anymore.
My login controller is this:
@Injectable()
export class AuthService {
constructor(public http: HttpClient, public auth: InterceptorAuthService) {
}
public logIn(user: User) {
this.auth.setUser(user);
return this.http.get(AppComponent.API_URL + "/account/login")
.pipe(
map(response => {
// login successful if there's a jwt token in the response
let user = response;// the returned user object is a principal object
if (user) {
// store user details in local storage to keep user logged in between page refreshes
localStorage.setItem('currentUser', JSON.stringify(user));
}
},
catchError(error => {
return Observable.throw(error);
})
));
}
}
WebConfig.java configuration:
// This method is used for override HttpSecurity of the web Application.
// We can specify our authorization criteria inside this method.
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
// ignoring the guest's urls "
http.antMatcher("/account/**").authorizeRequests().anyRequest().authenticated().and()
.antMatcher("/token").authorizeRequests().anyRequest().authenticated()
.antMatchers("/logout").permitAll()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
.httpBasic();
// authenticate all remaining URLS
// @formatter:on
}
Upvotes: 2
Views: 6002
Answers (2)
Frostbite22
Reputation: 9
Try adding sec:authorize="isAuthenticated() to "/account/login" template where you want to display the username
For Example:
<h3 sec:authorize="isAuthenticated()" th:text="${user.username}"></h3>
It would get the the state of authentication if it has happened, else, it would not display the <h3> block of code.
Upvotes: 0
venkey
Reputation: 66
@Component
public class MyBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
@Override
public void afterPropertiesSet() throws Exception {
setRealmName("Baeldung");
super.afterPropertiesSet();
}
@Override
public void commence(
HttpServletRequest request, HttpServletResponse response, AuthenticationException authEx)
throws IOException, ServletException {
response.addHeader("WWW-Authenticate", "Basic realm="" + getRealmName() + """);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
PrintWriter writer = response.getWriter();
writer.println("HTTP Status 401 - " + authEx.getMessage());
}
}
// inside filter we can get the
SecurityContextHolder.getContext().getAuthentication().getPrincipal()
Upvotes: 0
Related Questions
- Null @AuthenticationPrincipal with Spring-Boot / Security
- Hi! I have a problem with spring-security+angular authentication
- Principal is returned as UsernamePasswordAuthenticationToken
- Spring Security - Invalid property 'principal' of bean class [org.springframework.security.authentication.UsernamePasswordAuthenticationToken]
- Spring Security principal cannot be found from SpEL
- Spring Boot 1.4: Principal must not be null exception
- @AuthenticationPrincipal with Spring Boot not working
- IllegalArgumentException on Spring RestController when using Spring security Principal object for authentication
- getting principal object in spring security even after using setAuthenticated(false)
- spring security principal null/user not logged in on permitAll path