I am using multiple http elements [with different patterns] in my Spring Security configuration. Each points to a separate authentication manager. I am able to log in successfully for all http elements. However, after successful login, the Principal object returned is null. Please help me.
The contents of the Spring Security configuration are as follows:
<http pattern="teacher/login*" authentication-manager-ref="teacherAuthenticationManager">
    <intercept-url pattern="teacher/login*" access="ROLE_TEACHER" />
    <http-basic />
</http>
<http pattern="student/login*" authentication-manager-ref="studentAuthenticationManager">
    <intercept-url pattern="student/login*" access="ROLE_STUDENT" />
    <http-basic />
</http>
<authentication-manager alias="teacherAuthenticationManager">
    <authentication-provider>
        <!-- <password-encoder hash="md5"/>-->
        <jdbc-user-service data-source-ref="dataSources"
            users-by-username-query="
                select username,password,true
                from Teacher where username=?"
            authorities-by-username-query="
                select username,'ROLE_TEACHER' from Teacher where username=?" />
    </authentication-provider>
</authentication-manager>
<authentication-manager alias="studentAuthenticationManager">
    <authentication-provider>
        <!-- <password-encoder hash="md5"/>-->
        <jdbc-user-service data-source-ref="dataSources"
            users-by-username-query="
                select username,password,true
                from Student where username=?"
            authorities-by-username-query="
                select username,'ROLE_STUDENT' from Student where username=?" />
    </authentication-provider>
</authentication-manager>
Web.xml is as follows
<display-name>Spring Web MVC Application</display-name>
<welcome-file-list>
    <welcome-file>/index.html</welcome-file>
</welcome-file-list>
<servlet>
    <servlet-name>mvc-dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>/rest/*</url-pattern>
</servlet-mapping>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/mvc-dispatcher-servlet.xml,
        /WEB-INF/spring-security.xml
    </param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>
Controller code
@RequestMapping(value = "/teacher/login", method = RequestMethod.GET)
public @ResponseBody MethodResponse teacherlogin(Principal principal) {
    System.out.println("Welcome Teacher");
    MethodResponse methodResponse = new MethodResponse();
    try {
        //org.springframework.security.core.userdetails.User user = (org.springframework.security.core.userdetails.User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        System.out.println("Is Principal Null:" + Boolean.valueOf(principal == null));
        final String name = principal.getName();
        String sql = "Select * from Teacher where UserName=?";
        Teacher teacher = jdbcTemplate.queryForObject(sql,
                ParameterizedBeanPropertyRowMapper.newInstance(Teacher.class), name);
        methodResponse.setData(teacher);
        //String sql = " Select * from Teacher where TeacherId=?";
        /*
        List<Teacher> list = jdbcTemplate.query(sql,
                ParameterizedBeanPropertyRowMapper
                        .newInstance(Teacher.class), teacherId);
        Teacher[] teachers = list.toArray(new Teacher[] {});
        methodResponse.setDataArray(teachers);*/
        methodResponse
                .setResponseCode(GlobalConstants.SERVICE_STATUS_CODE_SUCCESS);
        methodResponse
                .setResponseMessage(GlobalConstants.SERVICE_STATUS_MSG_SUCCESS);
    } catch (Exception e) {
        e.printStackTrace();
        methodResponse
                .setResponseCode(GlobalConstants.SERVICE_STATUS_CODE_DATABASE_ERROR);
        methodResponse.setResponseMessage(e.getMessage());
    }
    return methodResponse;
}
The servlet is mapped to /rest/* and those URLs are not protected by your filters (so I would expect the principal to be null). Does that explain the behaviour you see?
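One way to apply the point made in the answer, as an added example that is not part of the original posts: Spring Security matches `<http pattern>` and `<intercept-url pattern>` against the request path inside the application (context path excluded), so the patterns need the `/rest` prefix of the servlet mapping. It assumes the controllers are called as `/rest/teacher/login` and `/rest/student/login`; the authentication managers stay as posted.

```xml
<!-- Added example: same two filter chains, with patterns that match the
     paths served by the DispatcherServlet mapped to /rest/*.
     Assumption: requests arrive as /rest/teacher/login and /rest/student/login. -->
<http pattern="/rest/teacher/login*"
      authentication-manager-ref="teacherAuthenticationManager">
    <!-- Requests matching this chain must carry ROLE_TEACHER -->
    <intercept-url pattern="/rest/teacher/login*" access="ROLE_TEACHER" />
    <http-basic />
</http>

<http pattern="/rest/student/login*"
      authentication-manager-ref="studentAuthenticationManager">
    <!-- Requests matching this chain must carry ROLE_STUDENT -->
    <intercept-url pattern="/rest/student/login*" access="ROLE_STUDENT" />
    <http-basic />
</http>
```

With patterns that match, the request passes through the chain's filters, HTTP Basic populates the security context, and the `Principal` argument of the controller method is resolved from it.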