getPrincipal() returns null after successful login

user998556 picture user998556 · Nov 27, 2012 · Viewed 7.6k times · Source

I am using multiple http elements [with different patterns] in my Spring Security configuration. Each points to a separate authentication manager. I am able to log in successfully for all http elements. However, after a successful login, the Principal object returned is null. Please help me.

The contents of the Spring Security configuration are as follows:

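<!-- Two independent filter chains, one per user type, each bound to its own
     authentication manager through authentication-manager-ref.

     Review notes:
     1. The pattern values are matched against the request path inside the
        application. As written ("teacher/login*", "student/login*") they have
        no leading "/" and omit the "/rest" prefix under which web.xml maps the
        DispatcherServlet. A request to /rest/teacher/login therefore matches
        neither http element: it is served without any authentication and the
        controller receives a null Principal. The patterns need to describe
        the real request path (for example "/rest/teacher/login*").
     2. http-basic sends the user name and password with every request in
        reversible Base64, so these URLs should only be reachable over HTTPS.
     The patterns are left as posted because they are the subject of the
     question; only the pasted markup damage (split attribute name, stray
     editor placeholder) is repaired. -->
<http pattern="teacher/login*" authentication-manager-ref="teacherAuthenticationManager">
    <intercept-url pattern="teacher/login*" access="ROLE_TEACHER" />
    <http-basic />
</http>
<http pattern="student/login*" authentication-manager-ref="studentAuthenticationManager">
    <intercept-url pattern="student/login*" access="ROLE_STUDENT" />
    <http-basic />
</http>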
        <!-- Authentication manager referenced by the teacher http element.
             Users and authorities are read from the Teacher table through the
             "dataSources" data source. -->
        <authentication-manager alias="teacherAuthenticationManager">
        <authentication-provider>
        <!-- NOTE(review): no password-encoder is active, so the submitted
             password is presumably compared with the stored column as-is,
             i.e. the table holds plaintext passwords (confirm against the
             Spring Security version in use). Re-enabling the md5 line below
             is not a fix: a plain MD5 digest is unsuitable for password
             storage. Use an adaptive hash such as bcrypt and migrate the
             stored values. -->
        <!--  <password-encoder hash="md5"/>-->
        <!-- users-by-username-query returns the constant true as the
             "enabled" column, so no account can be disabled through the
             database. authorities-by-username-query grants the fixed
             authority ROLE_TEACHER to every row in Teacher. Both queries
             bind the user name through a "?" placeholder. -->
        <jdbc-user-service data-source-ref="dataSources"
        users-by-username-query="
            select username,password,true 
                from Teacher where username=?" 

            authorities-by-username-query="
            select username,'ROLE_TEACHER' from Teacher where username=?" />
        </authentication-provider>
       </authentication-manager>


       <!-- Authentication manager referenced by the student http element;
            same structure as the teacher manager, reading the Student table. -->
       <authentication-manager alias="studentAuthenticationManager">
            <authentication-provider>
        <!-- NOTE(review): same concern as for the teacher manager. With no
             active password-encoder the stored passwords are presumably
             plaintext, and MD5 would not be an adequate replacement. -->
        <!--  <password-encoder hash="md5"/>-->
        <!-- Every Student row is reported as enabled (constant true) and
             receives the fixed authority ROLE_STUDENT. -->
        <jdbc-user-service data-source-ref="dataSources"
        users-by-username-query="
            select username,password,true 
            from Student where username=?" 

        authorities-by-username-query="
                select username,'ROLE_STUDENT' from Student where username=?" />
            </authentication-provider>
        </authentication-manager>

Web.xml is as follows

<!-- Fragment of web.xml: one DispatcherServlet, a root application context
     loaded by ContextLoaderListener, and the Spring Security filter proxy. -->
<display-name>Spring Web MVC Application</display-name>
    <welcome-file-list>
        <welcome-file>/index.html</welcome-file>
    </welcome-file-list>

    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <!-- Controllers are served under /rest/*, so a handler mapped to
         /teacher/login is reached at /rest/teacher/login. Any security
         pattern meant to protect it has to include the /rest prefix. -->
    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/rest/*</url-pattern>
    </servlet-mapping>

    <!-- Root context configuration read by ContextLoaderListener.
         NOTE(review): mvc-dispatcher-servlet.xml is also the default
         configuration file of a DispatcherServlet named mvc-dispatcher, so
         listing it here presumably creates its beans twice (root context
         and servlet context). Confirm and keep only spring-security.xml
         here if so. -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/mvc-dispatcher-servlet.xml,
            /WEB-INF/spring-security.xml
        </param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- DelegatingFilterProxy hands each request to the bean named
         springSecurityFilterChain. Mapping it to /* only guarantees that
         the bean sees every REQUEST, FORWARD and ERROR dispatch; a request
         is authenticated only if one of the http elements in
         spring-security.xml matches its path. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>FORWARD</dispatcher>
                <dispatcher>REQUEST</dispatcher>
                <dispatcher>ERROR</dispatcher>
    </filter-mapping>

Controller code

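 /**
  * Returns the {@code Teacher} row that belongs to the authenticated caller.
  *
  * <p>The user name comes from the {@link Principal} that Spring MVC resolves
  * from the request. The principal is only populated when a Spring Security
  * filter chain has authenticated the request; if no chain matched the URL
  * the argument is {@code null}, and
  * {@code SecurityContextHolder.getContext().getAuthentication()} would be
  * empty for the same reason.
  *
  * @param principal the authenticated caller, or {@code null} when the
  *                  request reached the controller without authentication
  * @return a response carrying the teacher data and the success status, or
  *         an error status with a generic message
  */
 @RequestMapping(value = "/teacher/login", method = RequestMethod.GET)
    public @ResponseBody MethodResponse teacherlogin(Principal principal) {
        System.out.println("Welcome Teacher");
        MethodResponse methodResponse = new MethodResponse();

        // Fail explicitly instead of letting principal.getName() throw a
        // NullPointerException that the generic catch below would report as a
        // database problem with a null message.
        // NOTE(review): the error code is unchanged from what the original
        // produced on this path; a dedicated "not authenticated" status would
        // be more accurate if the project defines one.
        if (principal == null) {
            methodResponse
                    .setResponseCode(GlobalConstants.SERVICE_STATUS_CODE_DATABASE_ERROR);
            methodResponse
                    .setResponseMessage("No authenticated user is associated with this request");
            return methodResponse;
        }

        try {
            final String name = principal.getName();

            // The user name is bound as a parameter, never concatenated.
            String sql = "Select * from Teacher where UserName=?";
            Teacher teacher = jdbcTemplate.queryForObject(sql,
                    ParameterizedBeanPropertyRowMapper.newInstance(Teacher.class),
                    name);

            // NOTE(review): "Select *" maps every column onto Teacher, and the
            // bean is serialised into the response body. If Teacher exposes
            // the password column it is sent back to the client; confirm and
            // select only the columns the client needs.
            methodResponse.setData(teacher);

            methodResponse
                    .setResponseCode(GlobalConstants.SERVICE_STATUS_CODE_SUCCESS);
            methodResponse
                    .setResponseMessage(GlobalConstants.SERVICE_STATUS_MSG_SUCCESS);
        } catch (Exception e) {
            // Keep the detail on the server side (ideally via the project's
            // logger rather than stderr). Driver and SQL error text can reveal
            // schema details, so the client only gets a generic message.
            e.printStackTrace();
            methodResponse
                    .setResponseCode(GlobalConstants.SERVICE_STATUS_CODE_DATABASE_ERROR);
            methodResponse.setResponseMessage("Unable to load teacher details");
        }
        return methodResponse;
    }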

Answer

Dave Syer picture Dave Syer · Nov 27, 2012

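The servlet is mapped to /rest/* and those URLs are not protected by your filters (so I would expect the principal to be null). The http patterns in your security configuration (teacher/login*, student/login*) do not match paths under /rest/, so no security filter chain handles those requests and nothing authenticates them before they reach the controller. Does that explain the behaviour you see?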