获取空或null SecurityContextHolder.getContext()。getAuthentication()

时间:2013-11-20 12:01:46

标签: java spring spring-security

我正在实现扩展默认过滤器的MyUsernamePasswordAuthenticationFilter。

我没有做任何事情。我只是想在这里得到请求以使其变得简单。

public class MyUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {          

        return super.attemptAuthentication(request, response); 
    } 
}

我在请求中传递了用户名和密码参数。

j_username=Test&j_password=Test

我正在身份验证提供程序中进行身份验证

public class MyiAuthenticationProvider
    implements AuthenticationProvider
    {
        public Authentication authenticate(Authentication a)
            throws AuthenticationException
        {      

            UsernamePasswordAuthenticationToken auth = (UsernamePasswordAuthenticationToken) a;
            System.out.println("The user name is"+ String.valueOf(auth.getPrincipal()));

            ----
            ----
        }
    }

我的applicationcontext就像这样

<sec:http auto-config="false" entry-point-ref="MyAuthenticationEntryPoint"
        create-session="always">
        <sec:custom-filter position="FORM_LOGIN_FILTER"
            ref="myUsernamePasswordAuthenticationFilter" />
        <sec:logout logout-url="/logout" success-handler-ref="MyLogoutSuccessHandler" />
    </sec:http>

    <bean id="myUsernamePasswordAuthenticationFilter"
        class="my.test.site.security.MyUsernamePasswordAuthenticationFilter">
        <property name="filterProcessesUrl" value="/login" />
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationFailureHandler" ref="myAuthenticationFailureHandler" />
        <property name="authenticationSuccessHandler" ref="myLoginSuccessHandler" />
    </bean>

    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider ref="myAuthenticationProvider" />
    </sec:authentication-manager>

    <bean id="myAuthenticationProvider" class="my.test.site.security.MyAuthenticationProvider" />
    <bean id="myAuthenticationEntryPoint" class="my.test.site.security.MyAuthenticationEntryPoint" />
    <bean id="myLoginSuccessHandler" class="my.test.site.security.MyLoginSuccessHandler" />
    <bean id="myLogoutSuccessHandler" class="my.test.site.security.MyLogoutSuccessHandler" />
    <bean id="myAuthenticationFailureHandler" class="my.test.site.security.MyAuthenticationFailureHandler" />
    <bean id="myPreAuthFilter" class="my.test.site.security.MyPreAuthenticationFilter" />

我收到空用户名和密码。

我错过了任何配置吗?

1 个答案:

答案 0 :(得分:1)

由于您正在从请求中读取输入流,因此您没有做任何事情并不是真的。

如果您检查HttpServletRequest课程的Javadoc,请"can interfere with the execution" of the getParameter method

正常身份验证依赖于getParameter的使用,因此如果您希望它工作,则不应触及流。处理请求时,您应该自己阅读或允许servlet容器执行此操作并使用getParameter方法访问参数。

相关问题
最新问题