SecurityContextHolder.getContext().getAuthentication().getCredentials() returns null after authentication
I have created a simple spring web mvc app and I have one problem. After authentication I try to get an authentication object and for some reason it's credentials is null.
In this project I have a custom AuthenticationProvider which looks like this:
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Autowired
private UserService userService;
@Autowired
private RoleService roleService;
@PostConstruct
public void init() {
roleService.AddStandardRolesIfNeeded();
userService.AddUserWithAdminRoleIfNotExists("a");
}
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
Object credentials = authentication.getCredentials();
if(!(credentials instanceof String)) {
return null;
}
String username = authentication.getName();
String password = credentials.toString(); //password isn't null here
User user = userService.findByUsernameAndPassword(username, password);
if(user == null) {
throw new BadCredentialsException("Authentication failed for " + username);
}
List<GrantedAuthority> authorities = new ArrayList<>();
for(Role role : user.getRoles()) {
authorities.add(new SimpleGrantedAuthority(role.getName()));
}
Authentication auth = new
UsernamePasswordAuthenticationToken(username, password, authorities);
return auth;
}
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
}
I am interested in if it is intentionally done in spring security or I am missing something.
Solution
I solved this by passing user object to UsernamePasswordAuthenticationToken constructor instead of username in place of principal.
I changed this:
Authentication auth = new
UsernamePasswordAuthenticationToken(username, password, authorities);
to this:
Authentication auth = new
UsernamePasswordAuthenticationToken(user, password, authorities);
And in controller I get the user so:
User user = (User)SecurityContextHolder.getContext().getAuthentication().getPrincipal();
- spring cache - Null key returned for cache operation
- Different / better approaches for calling python function from Java
- Calling Python Functions from Java (Without Jython, because it is too slow.)
- How do I resolve ClassNotFoundException?
- How to call a java function from python/numpy?
- Calling Java from Python
- Calling Java from Python
- adding custom objects to a list field inside a custom object
- What are Java command line options to set to allow JVM to be remotely debugged?
- Syntax to move backwards in LinkedList?
- Unhandled Exception in Java
- Immutable array in Java
- Final arguments in interface methods - what's the point?
- Does VaadinSession automatically start a session after entering the url in the browser?
- print a LinkedList list in order, forward and backwards
- Serialization of anonymous class in Java
- How can I resize a rectangular image to a square image while maintaining aspect ratio in Java?
- Calling Python in Java?
- How to convert an html String to a PDF InputStream?
- Please explain this very confusing way String intern works
- Jackson XML parsing, two wrappers have the same child element
- Why I get error transaction is in progress when my listener phase AFTER_COMMIT
- How can I call a Go function from Java using the Java native interface?
- How to remove single character from a String by index
- Why are some Android APKs JAR archives and some are ZIP?
- How to include the SPI "uses" and/or "provides" section for a module with Javadoc?
- okhhtp3 mockserver java.lang.NoClassDefFoundError: okhttp3/internal/concurrent/TaskRunner$RealBackend
- Not able to use Coil library in Android View project with mixed Java-Kotlin code
- Oracle testcontainer is not starting in the pipeline
- Creating Model on GRCC TCG