I'm using the Spring framework 3.2.0 and the same version of Spring Security. My spring-security.xml file looks like the following.

Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http pattern="/Login.htm*" security="none"></http>

    <http auto-config='true'>
        <!--<remember-me key="myAppKey"/>-->
        <session-management session-fixation-protection="newSession">
            <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
        </session-management>
        <intercept-url pattern="/admin_side/**" access="ROLE_ADMIN" requires-channel="any"/>
        <form-login login-page="/" default-target-url="/admin_side/Home.htm"
            authentication-failure-url="/LoginFailed.htm"
            authentication-success-handler-ref="loginSuccessHandler"/>
        <logout logout-success-url="/Login.htm" invalidate-session="true" delete-cookies="JSESSIONID"/>
    </http>

    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="select email_id, password, enabled from user_table where lower(email_id)=lower(?)"
                authorities-by-username-query="select ut.email_id, ur.authority from user_table ut, user_roles ur where ut.user_id=ur.user_id and lower(ut.email_id)=lower(?)"/>
        </authentication-provider>
    </authentication-manager>

    <beans:bean id="loginSuccessHandler" class="loginsuccesshandler.LoginSuccessHandler"/>

    <global-method-security secured-annotations="enabled" proxy-target-class="true">
        <protect-pointcut expression="execution(* dao.*.*(..))" access="ROLE_ADMIN"/>
    </global-method-security>

    <!--<global-method-security secured-annotations="enabled" />-->
</beans:beans>

This works fine in my entire application. After a successful login, I need to use AuthenticationSuccessEvent. The class that implements ApplicationListener<AuthenticationSuccessEvent> is as follows.

Code:
package loginsuccesshandler;

import daoservice.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

@Service
public final class AuthSuccessHandler implements ApplicationListener<AuthenticationSuccessEvent> {

    @Autowired
    private UserService userService;

    @Override
    public void onApplicationEvent(AuthenticationSuccessEvent event) {
        // The principal is the UserDetails built by the jdbc-user-service
        String userName = ((UserDetails) event.getAuthentication().getPrincipal()).getUsername();
        // Look the user up through the service layer (which calls into the dao package)
        System.out.println("userName = " + userService.getUser(userName).getFirstName());
    }
}

This class has been registered as a bean in the applicationContext.xml file and it is a part of <context:component-scan>.
With this, when I attempt to login, I receive the message the question title indicates. (The exception is consumed under the hood and the full exception stack trace is not available. This message is from sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message.)

When I entirely remove the <global-method-security>...</global-method-security> section, it works and the debugging statement shows the user's first name from the database.

So it has to do something with the global method security.

The following statement,

Code:
System.out.println(event.getAuthentication());

in that event handler displays

Code:
org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bad860a5: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffdaa08: RemoteIpAddress: 127.0.0.1; SessionId: AEE54A59C9181C05A176D12E27D88CB1; Granted Authorities: ROLE_ADMIN

So it appears that the user is authenticated and the authentication object is available. Is there anything I'm missing? What is the way to get around this? Kindly let me know.

Apparently, I cannot see anything wrong in my application. I cannot imagine what the fair reason behind it might be. If you see something I may be missing, maybe in the config file or somewhere else, then please let me know, but I can smell it like a JIRA issue in the version specified. If someone has already used it in the version specified, does it really work with the version specified (3.2.0)?
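An added example, not from the original post: the same listener written against InteractiveAuthenticationSuccessEvent. AuthenticationSuccessEvent is published by the AuthenticationManager while the form-login filter is still inside attemptAuthentication(), before the filter has stored the result in SecurityContextHolder, so a method-secured call into dao.* at that moment finds no Authentication and is rejected; InteractiveAuthenticationSuccessEvent is published by the filter only after the context has been populated. UserService, getUser() and getFirstName() are taken from the post; the listener class name and the defensive context check are my additions.

```java
package loginsuccesshandler;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

import daoservice.UserService;

/**
 * Reacts to InteractiveAuthenticationSuccessEvent rather than AuthenticationSuccessEvent.
 * The form-login filter publishes this event after it has set the Authentication in
 * SecurityContextHolder, so the protect-pointcut on dao.* (ROLE_ADMIN) sees an
 * authenticated principal when the service layer calls into the DAO.
 */
@Service
public class InteractiveLoginListener
        implements ApplicationListener<InteractiveAuthenticationSuccessEvent> {

    @Autowired
    private UserService userService; // assumed to delegate to dao.UserDAO, as in the post

    @Override
    public void onApplicationEvent(InteractiveAuthenticationSuccessEvent event) {
        // Defensive check: do not call into method-secured code with an empty context.
        Authentication ctx = SecurityContextHolder.getContext().getAuthentication();
        if (ctx == null || !ctx.isAuthenticated()) {
            System.err.println("SecurityContext not populated yet; skipping post-login lookup");
            return;
        }
        String userName = ((UserDetails) event.getAuthentication().getPrincipal()).getUsername();
        // This DAO call now runs with ROLE_ADMIN present in the SecurityContext.
        System.out.println("userName = " + userService.getUser(userName).getFirstName());
    }
}
```

The same work can alternatively be done inside the loginSuccessHandler bean referenced by form-login, which is also invoked after the context has been populated.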