Thread: Not able to access securityContext from http filters why ?

  1. #1
    Hi,

    I have HTTP filters in place. After a user logs in, their authentication object is set in the SecurityContextHolder, as far as I know.
    I have written my own filter, which runs before any other filter. When the second request comes in, I try to access this authentication object with SecurityContextHolder.getContext().getAuthentication(), but it returns null.

    This happens after authentication has taken place, so I believe the object will be in the session. I was able to access some token object from the session, SPRING_SECURITY_CONTEXT, but the value I am getting is null.
    How can I get this authentication object in my servlet filters? Any clue?
    Last edited by abhi patil; Feb 21st, 2012 at 12:15 AM.
    In a rat race, whoever wins or loses still remains the rat.

  2. #2

    I believe I have the same problem with version 3.1.0.RELEASE of Spring Security.
    In my case, I am using Spring Security with Webservices, and I am checking authentication within a class that extends org.springframework.ws.server.EndpointInterceptor.

    My applicationContext-security.xml configuration file (imported by applicationContext.xml) contains the following:

        <!-- <s:http pattern="/*.wsdl" security="none"/> -->
        <s:http auto-config='true'
                access-decision-manager-ref="affirmativeBased">
            <s:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
            <s:http-basic />
        </s:http>

    With "<s:http pattern="/*.wsdl" security="none"/>" commented out, the following code executes without exception:

        SecurityContext secureContext = SecurityContextHolder.getContext();
        Authentication auth = secureContext.getAuthentication();
        if (auth == null) {
            throw new UsernameNotFoundException("Spring Security SecurityContextHolder failing");
        }

    If "<s:http pattern="/*.wsdl" security="none"/>" is enabled, the exception is thrown.

    Try simplifying your configuration to a single intercept-url and see if this causes your code to work properly.
    I am also going to write this up as a question, and see if anyone else has seen this bug.

  3. #3
    The value will be in session, but it will not be placed into the SecurityContextHolder until after the SessionManagementFilter extracts the SecurityContext from the session and places the SecurityContext on the SecurityContextHolder. In short, you cannot obtain values from the SecurityContextHolder until after the SessionManagementFilter places it there.
    Rob Winch
    Twitter @rob_winch
    Spring Security Lead
    Spring by Pivotal
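
An added example, not code from any poster in this thread: a custom filter that reads the Authentication only after the Spring Security chain has populated the SecurityContextHolder, and treats a null or anonymous result as unauthenticated. The package, class name, bean id and request attribute name are assumptions made for illustration.

```java
package example;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;

/**
 * Hypothetical filter. Register it inside the Spring Security chain, not in
 * web.xml ahead of it, so it runs once the holder has been populated:
 *
 *   <bean id="authAwareFilter" class="example.AuthAwareFilter"/>
 *   <s:http auto-config='true'>
 *     <s:custom-filter after="SESSION_MANAGEMENT_FILTER" ref="authAwareFilter"/>
 *     (existing intercept-url and http-basic elements stay as they are)
 *   </s:http>
 *
 * Requests matching an <s:http ... security="none"/> pattern bypass the chain
 * entirely, so this filter is never invoked for them.
 */
public class AuthAwareFilter extends GenericFilterBean {

    /** Request attribute name; an assumption of this example. */
    public static final String USER_ATTR = "example.authenticatedUser";

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (isRealUser(auth)) {
            // Expose only the principal name to downstream code.
            request.setAttribute(USER_ATTR, auth.getName());
        }
        // Null or anonymous means unauthenticated: no fallback to other state.
        chain.doFilter(request, response);
    }

    /** True only for a populated, authenticated, non-anonymous Authentication. */
    static boolean isRealUser(Authentication auth) {
        return auth != null
                && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);
    }
}
```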
