尽管我的身份验证成功处理程序被调用,为什么我的身份验证对象为null?

时间:2016-01-14 16:32:01

标签: spring authentication spring-security null principal

我在JBoss WildFly 10.0.0.CR2上使用Spring 3.2.11.RELEASE和Spring Security 3.1.4.RELEASE。我在我的应用程序上下文中设置了以下内容......

<beans:bean id="springboardUsernamePasswordUrlAuthenticationFilter" class="org.mainco.subco.core.security.SubcoUsernamePasswordUrlAuthenticationFilter">
    <beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="authenticationFailureHandler">
        <beans:bean class="org.mainco.subco.myproject.security.SubcoAuthenticationFailureHandler">
            <beans:property name="defaultFailureUrl" value="/login/failure"/>
            <beans:property name="userService" ref="userService" />
        </beans:bean>
    </beans:property> 
    <beans:property name="authenticationSuccessHandler">
        <beans:bean class="org.mainco.subco.myproject.security.SubcoAuthenticationSuccessHandler">
            <beans:property name="defaultTargetUrl" value="/success"/>
            <beans:property name="userService" ref="userService" />
            <beans:property name="sessionService" ref="sessionService" />
        </beans:bean>
    </beans:property>      
</beans:bean>

我注意到当我输入错误的用户名/密码组合时,会调用失败处理程序,当我输入正确的用户名/密码组合时,会调用成功处理程序,最终会调用以下方法...

@RequestMapping(value = "/success")
public String authenticate(final Principal principal)
{
     …
} 

这是在我的web.xml中配置的。请注意,Spring安全过滤器会捕获有问题的成功URL ...

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
   <filter-name>CSRFGuard</filter-name>
   <filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CSRFGuard</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

但是,当调用上面的方法时,“principal”对象为null,所以我无法确定谁登录.Spring中的哪个机制在成功登录后设置了Principal对象?我如何弄清楚为什么我似乎能够正确登录,但是未设置身份验证对象?

0 个答案:

没有答案