CODEWITHSUNDEEP
javaspringauthenticationnullspring-security
tschaei
tschaei

Reputation: 317

Spring Security - Authentication's username is null in AuthenticationSuccessHandler

I have a Customer class which has all the account info.(it does NOT extend Spring's userdetails.User class) I'm trying to do some stuff after a successful login (e.g. set new last login time). To achieve this I set up a custom AuthenticationSuccessHandler.

In the onAuthenticationSuccess method I try to get the username from the Authentication object. This object however is a User object. If I try to get the username from it I get null. Can I somehow manage to make the Authority object a Customer object? Or does my Customer class have to extend the User class?

Update

Some more details:

I have my User class. It is completely self written and doesn't implement or extend any interface/class. I do not have a class that implements a UserDetailsService. The <form-login> part of my applicationContext-security.xml looks like this:

<form-login login-page="/index.htm"
                authentication-success-handler-ref='authSuccHandler'
                authentication-failure-handler-ref='authFailureHandler'
                default-target-url='/library/login.htm'
                always-use-default-target='true'/>

Theh authSuccHandler looks like this: (The necessary bean definition is in place)

public class PostSuccessfulAuthenticationHandler extends  SimpleUrlAuthenticationSuccessHandler 
{
@Autowired
private UserService userService;

@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
        Authentication authentication) throws ServletException, IOException 
        {
            userService.trackUserLogin(authentication.getName()); //NullPointerException
            super.onAuthenticationSuccess(request, response, authentication);
        }
}

The form redirects to j_spring_security_check

Upvotes: 3

Views: 4032

Answers (3)

Balasubramanian Jayaraman
Balasubramanian Jayaraman

Reputation: 333

When the request comes into the authentication success handler, it expects you to redirect to the desired URL. Use the following to redirect to the desired page like home.htm. This will work definitely! The modified code is given below. Check it and let me know if you have any issues.

 public class PostSuccessfulAuthenticationHandler extends  SimpleUrlAuthenticationSuccessHandler 
  {
        @Autowired
        private UserService userService;

        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
    Authentication authentication) throws ServletException, IOException 
    {
        userService.trackUserLogin(authentication.getName()); //NullPointerException
        response.sendRedirect("home.htm");
        //super.onAuthenticationSuccess(request, response, authentication);
    }
}

Upvotes: 1

Chriskot
Chriskot

Reputation: 647

I think the method you are looking for is getPrincipal on Authentication. Then you have to case the object that comes back to your custom class.

User user = (User)authentication.getPrincipal();

Upvotes: 0

axtavt
axtavt

Reputation: 242786

Authentication cannot be User, since they don't inherit each other.

If your UserDetailsService produces a custom UserDetails, you should be able to obtain it by calling getDetails() on Authentication.

Upvotes: 1

Related Questions