Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Security - AuthenticatedPricipal deprecated

Tags:

spring-mvc

spring-boot

spring-security

Spring Security version: spring-boot-starter-security:1.3.0.RC1

Noticing that the annotation @AuthenticationPrincipal has been deprecated.

Possible different way to accomplish the same thing and wondering if this is the correct way to get user information within a Spring MVC Controller.

@RequestMapping(method = RequestMethod.GET)
public String getIndex(HttpSession session, Device device, Model model, Principal principal) {

    /**
     * Spring Security Fetch User
     */
    if (principal != null) {
        String username = principal.getName();
        User currentUser = userRepository.findByEmail(username);
        model.addAttribute("user", currentUser.getFirstName());
    }

    return "view";

}

On another note I found not having the HttpSession session would result in stale sessions causing page load errors.

like image 432
code Avatar asked Nov 08 '15 22:11

code

People also ask

What is the deprecated security for OAuth in Spring boot?

The first thing to note is that Spring Security OAuth 2.4. 0 officially deprecates all its classes. The second thing is that according to the Spring Security - OAuth 2.0 Features Matrix - FAQ: We are no longer planning on adding Authorization Server support to Spring Security.

Is WebSecurityConfigurerAdapter deprecated?

The type WebSecurityConfigurerAdapter is deprecatedWell, it's because the developers of Spring framework encourage users to move towards a component-based security configuration.

What is principal in Spring Security?

The principal is the currently logged in user. However, you retrieve it through the security context which is bound to the current thread and as such it's also bound to the current request and its session.

What is the default authentication manager in Spring Security?

Spring Boot provides a default global AuthenticationManager (with only one user) unless you pre-empt it by providing your own bean of type AuthenticationManager . The default is secure enough on its own for you not to have to worry about it much, unless you actively need a custom global AuthenticationManager .

1 Answers

The annotation has been moved to another package.

Use org.springframework.security.core.annotation.AuthenticationPrincipal instead of the deprecated org.springframework.security.web.bind.annotation.AuthenticationPrincipal.

like image 111
Ilya Novoseltsev Avatar answered Oct 10 '22 04:10

Ilya Novoseltsev
Sign in to Comment

Related questions

Spring Security Authorization - Admin is denied access
How to Enforce Change Password on User's initial login using Spring Security
When will we use applicationContext.xml in Spring? [duplicate]
Maintain Model Data between Pages (Spring 3 MVC)
AspectJ: Autowired fields are null in Initbinder
how to log a user out programmatically using spring security
How to upload multiple files at once using MultipartConfigElement in Spring Boot?
How to filter a collection in thymeleaf th:each using another property in comparison
Spring MVC detect ajax request
Disable browser authentication dialog in spring security
Spring MockMvc and async controller's HTTP status code
Object to JSON serialization inside thymeleaf template
Displaying index.html page using @Controller | Spring Boot
Spring MVC and Shiro Configuration using ini files
springmvc jsr303 validator co-exist with spring WebDataBinder validator in one action
Could not initialize class net.sf.cglib.proxy.Enhancer
image not displayed in jsp with spring
Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException:
If-Else in a th:each statement in Thymeleaf
how store latitude and longitude in mongodb collection? and How to use it with Spring?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!