Question
I am using spring security, and I can't seem to see if a user has successfully logged in to save my life and then get the actual user name. The 'spring' (SecurityContextHolder) and 'J2EE' (request.getUserPrincipal()) way both return nulls.
My web.xml
https://stackoverflow.com/questions/23415680
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian <filter>
<filter-name>AuthFilter</filter-name>
<filter-class>com.company.security.AuthFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
....
<servlet>
<servlet-name>agent-desktop</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>agent-desktop</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
Spring config:
<mvc:resources mapping="/r/**" location="/resources/" />
Spring security config:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http auto-config="true">
<intercept-url pattern="/agent/**" access="ROLE_USER" />
<intercept-url pattern="/supervisor/**" access="ROLE_USER" />
<form-login login-page="/r/views/login.html" default-target-url="/dashboard" authentication-failure-url="/r/views/loginfailed.html" />
<logout logout-success-url="/logout" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="pw123" authorities="ROLE_USER, ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
Here is my filter code:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpSession session = req.getSession();
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if(auth != null)
{
String name = auth.getName(); //get logged in username
System.out.println("name:"+name);
User user = (User)auth.getPrincipal();
if(user != null)
System.out.println("user:"+user.getUsername());
}
if(req.getUserPrincipal() != null) // someone has logged in - IT IS ALWAYS NULL
{
/// IT NEVER GETS IN HERE!!!!!!!!!!
Solution
I suspect you have missed out including a filter in your web.xml. You might want to read up on how to configure spring security from here
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
OTHER TIPS
Use this code in web.xml instead of the filter.
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
To get the login user details have a separate class like this
public class AccountUtils {
public static Authentication getAuthentication() {
return SecurityContextHolder.getContext().getAuthentication();
}
public static UserAccount getLoginUserAccount() {
if (getAuthentication() != null && getAuthentication().getPrincipal() instanceof UserAccount) {
return (UserAccount)getAuthentication().getPrincipal();
}
return null;
}
public static String getLoginUserId() {
UserAccount account = getLoginUserAccount();
return (account == null) ? null : account.getUserId();
}
private AccountUtils() {}
}
