I want to manually bypass the user from spring Security using the following code:
User localeUser = new User();
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(localeUser ,null, localeUser .getAuthorities());
SecurityContext securityContext = SecurityContextHolder.getContext();
securityContext.setAuthentication(auth);
// Create a new session and add the security context.
HttpSession session = request.getSession(true);
session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
return "dummyLogin";
The dummy login page(handled by tiles)internally calls a different Request Mapping in the same controller where i am trying to get the Authentication something like this.
SecurityContextHolder.getContext().getAuthentication()
Where i am getting null?
So, I found the actual problem! The issue was that I had marked the whole controller with security="none" in the security-context.xml. So, when it was bounced from the first link to the 2nd, it didn't pass any security context with it!! Sorry for the trouble, guys.
Additional Answer: If you want to get logged-in user details for a non-secured url then you can add them to secured urls and assign as "permitAll" like this:
<http>
//...
<intercept-url pattern="/your/url/**" access="permitAll"/>
//...
</http>
Then, you will be able to check the logged-in user if logged-in or get the credentials.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With