I want to manually bypass the user from spring Security using the following code:
User localeUser = new User();
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(localeUser ,null, localeUser .getAuthorities());
SecurityContext securityContext = SecurityContextHolder.getContext();
securityContext.setAuthentication(auth);
// Create a new session and add the security context.
HttpSession session = request.getSession(true);
session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
return "dummyLogin";
The dummy login page(handled by tiles)internally calls a different Request Mapping in the same controller where i am trying to get the Authentication something like this.
SecurityContextHolder.getContext().getAuthentication()
Where i am getting null!!!.
Please helpp!
So i found the actual problem!.
The issue was that i had marked the whole controller with security="none" in the security-context.xml.
So when it was bounced from the first link to the 2nd it dint pass any security context with it!!
Sorry fr the trouble guys.
Additional Answer: If you want to get logged-in user details for a non-secured url then you can add them to secured urls and assign as "permitAll" like this:
<http>
//...
<intercept-url pattern="/your/url/**" access="permitAll"/>
//...
</http>
Then, you will be able to check the logged-in user if logged-in or get the credentials.
Your localUser is null.So the auth become null.So no authentication object has been added to the security context.
Please have look at the doc
http://docs.spring.io/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/userdetails/User.html
It is better to have a customUserDetailsService
public class CustomUserDetailsService implements UserDetailsService
//implement the method which return a UserDetails Object
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException
then you can use
UserDetails userDetails= customUserDetailsService.loadUserByUsername("name");
Authentication authentication= new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()) ;
SecurityContextHolder.getContext().setAuthentication(authentication);
Try this:
Authentication authentication=SecurityContextHolder.getContext().getAuthentication();
localeUser .setUserNm(authentication.getName());
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 爷的心禁止访问 的文章《SecurityContextHolder.getContext().getAuthenticati》','https://www.manongdao.com/article-664916.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}