
I'm trying to get access to an Authentication object in order to get the user's name, but the Authentication object is null.

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        log.warn("Authentication was null during get current user name!");
        return ANONYMOUS_USER;
    }
    return authentication.getName();

However we can call (from the same method):

    HttpServletRequest req = (HttpServletRequest)inRequest;
    String user = req.getRemoteUser();

And discover that user is set correctly.

EDIT: So I found something that stated the problem may be due to not having gone through the security filter chain.

So I added in a filter chain, but no success.

Here is my web.xml:

    <filter>
      <filter-name>springSecurityFilterChainProxy</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
      <filter-name>springSecurityFilterChainProxy</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
      <filter-name>cors</filter-name>
      <filter-class>com.us.tsp.rest.CorsFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>cors</filter-name>
      <url-pattern>/jaxrs/*</url-pattern>
    </filter-mapping>

Here is my spring config xml:

    <bean id="securityContextPersistenceFilter"
        class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>

    <bean id="springSecurityFilterChainProxy" class="org.springframework.security.web.FilterChainProxy">
      <sec:filter-chain-map >
         <sec:filter-chain pattern="/**" filters="
               securityContextPersistenceFilter" />
      </sec:filter-chain-map>
    </bean>

END EDIT

Here is my security.xml:

    <beans
        xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:context="http://www.springframework.org/schema/context"
        xmlns:sec="http://www.springframework.org/schema/security"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/context
            http://www.springframework.org/schema/context/spring-context.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security.xsd">

        <sec:http use-expressions="true">
            <sec:intercept-url pattern="/**" access="isAuthenticated()" />
            <sec:http-basic />
        </sec:http>

        <sec:ldap-server
            url="xxxxxxxxxxxxxxxx"
            manager-dn="xxxxxxxxxxxx"
            manager-password="xxxxxxxxx"
        />

        <sec:authentication-manager alias="authenticationManager">
            <sec:ldap-authentication-provider
                user-search-base="xxxxx"
                user-search-filter="xxxxxx"
                group-search-filter="member={0}"
                group-search-base="xxxxxxxxx"
                role-prefix="ROLE_"
            />
        </sec:authentication-manager>

    </beans>
James Hutchinson
  • Your configuration and code look right; whenever a user can access the application, it should have a valid Authentication. But your word choice *another point of the code* makes me worried. Why not at the same point? So I came up with this idea about your problem: if I remember right, `SecurityContextHolder.getContext()` is based on a thread local (at some point), so maybe your `SecurityContextHolder.getContext()` is in a thread that is not the one that handles the HTTP request? – Ralph Oct 22 '15 at 16:58
  • See: http://stackoverflow.com/questions/6408007/spring-securitys-securitycontextholder-session-or-request-bound for an explanation of how it is based on threads. – Ralph Oct 22 '15 at 17:07
  • @Ralph I tried moving all my code to the same location, and I get the same behaviour. Thank you for your comment on the thread, as we do happen to kick off a thread at a different point though. (I've edited the question to remove the ambiguity). – James Hutchinson Oct 26 '15 at 14:58
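
The thread-local behaviour raised in the comments, as an added example (not code from the question or from the Spring Security project): with the default `MODE_THREADLOCAL` strategy a plain new thread sees no `Authentication`, while `DelegatingSecurityContextRunnable` carries the caller's context across. The class name, the user `jdoe` and the role are constructed for illustration, and Spring Security 3.2 or later on Java 8 is assumed.

```java
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.concurrent.DelegatingSecurityContextRunnable;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

public class SecurityContextThreadDemo {

    static final String ANONYMOUS_USER = "anonymous";

    // Same lookup as in the question: falls back when no Authentication is bound.
    static String currentUserName() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return authentication == null ? ANONYMOUS_USER : authentication.getName();
    }

    // Runs the lookup on a new thread and returns what that thread saw.
    static String lookupOnNewThread(boolean propagateContext) throws InterruptedException {
        final String[] seen = new String[1];
        Runnable task = () -> seen[0] = currentUserName();
        if (propagateContext) {
            // Captures the caller's SecurityContext now, installs it on the worker
            // for the duration of run(), then removes it again.
            task = new DelegatingSecurityContextRunnable(task);
        }
        Thread worker = new Thread(task);
        worker.start();
        worker.join();
        return seen[0];
    }

    public static void main(String[] args) throws InterruptedException {
        // Stand-in for what the filter chain does on the request thread after
        // a successful login; "jdoe" and ROLE_USER are constructed sample values.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(new UsernamePasswordAuthenticationToken(
                "jdoe", "n/a", AuthorityUtils.createAuthorityList("ROLE_USER")));
        SecurityContextHolder.setContext(context);

        System.out.println("request thread:     " + currentUserName());
        System.out.println("plain new thread:   " + lookupOnNewThread(false));
        System.out.println("delegating wrapper: " + lookupOnNewThread(true));
        SecurityContextHolder.clearContext();
    }
}
```

A lookup that silently falls back to an anonymous name, as `currentUserName()` does here, hides this condition from callers, so anything that uses the returned name for auditing or authorization should treat the fallback as an error rather than as a user.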

0 Answers