I had to implement a custom "authentication provider" for a project, but I ran into troubles when trying to acces the Authentication's object properties in JSP. Details: My custom authentication provider successfully creates an Authentication object
Authentication auth = new UsernamePasswordAuthenticationToken(username, password, getAuthorities(userRoles));
log.info("User is authenticated");
return auth;
(Only relevant code here)
Then, in the controller method, I just display a log message with the username (this proves that the Authentication object is created and placed in the security context):
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
log.info("Welcoming user " + auth.getPrincipal());
Then in the JSP page I want to display the user name using
<sec:authentication property="principal"/>
However, this raises an error 500:
org.springframework.beans.NotReadablePropertyException: Invalid property 'principal' of bean class [org.springframework.security.authentication.UsernamePasswordAuthenticationToken]: Bean property 'principal' is not readable...
I also noticed that
<sec:authorize ifAnyGranted="role">...
is not working, although the user has the necessary roles added in the Authentication object.
Is there something I'm doing wrong? The authentication works fine, I just can't access the authentication object's properties.
Thank you very much and have a good day.
Given that I can't see anything wrong with your case, I think it can be SPR-8347 bug, which is fixed in Spring 3.1.1. Can you do an upgrade?