admin管理员组文章数量:1026989
I’ve got the whole impersonation setup: filter, authentication, the works. This is a Vaadin application based on SpringBoot.
@Bean
public SwitchUserFilter switchUserFilter() {
SwitchUserFilter filter = new SwitchUserFilter();
filter.setUserDetailsService(userDetailsService);
filter.setSwitchUserMatcher(new AntPathRequestMatcher("/impersonate", "GET"));
filter.setExitUserUrl("/impersonate/logout");
filter.setTargetUrl("/");
return filter;
}
As I understand this, after a regular login of administrator, a manually typed impersonate URL should correctly do an impersonation. But of course it does not.
I see the execution enter SwitchUserFilter, the URL matches, and it attempts to do an impersonation (createSwitchUserToken). But then Spring’s ThreadLocalSecurityContextHolderStrategy thinks there is no current user logged in, because its contextHolder contains null. That gets then populated with an EmptyContext, and the user switching fails in SwitchUserGrantedAuthority because of null checks.
Why is the context null?
I’ve got the whole impersonation setup: filter, authentication, the works. This is a Vaadin application based on SpringBoot.
@Bean
public SwitchUserFilter switchUserFilter() {
SwitchUserFilter filter = new SwitchUserFilter();
filter.setUserDetailsService(userDetailsService);
filter.setSwitchUserMatcher(new AntPathRequestMatcher("/impersonate", "GET"));
filter.setExitUserUrl("/impersonate/logout");
filter.setTargetUrl("/");
return filter;
}
As I understand this, after a regular login of administrator, a manually typed impersonate URL should correctly do an impersonation. But of course it does not.
I see the execution enter SwitchUserFilter, the URL matches, and it attempts to do an impersonation (createSwitchUserToken). But then Spring’s ThreadLocalSecurityContextHolderStrategy thinks there is no current user logged in, because its contextHolder contains null. That gets then populated with an EmptyContext, and the user switching fails in SwitchUserGrantedAuthority because of null checks.
Why is the context null?
Share Improve this question asked Nov 16, 2024 at 8:34 tbeernottbeernot 2,6425 gold badges26 silver badges32 bronze badges1 Answer
Reset to default 1Sounds like issue might be related to the security context not being properly populated before the impersonation attempt.
Can you please try any of below approaches to resolve the issue:
Is Security Context Populated properly? Make sure that the security context is properly populated with the authenticated user before attempting impersonation. To ensure the same, check if authentication process is correctly setting the security context.
Verify the order of security filters - The order of security filters is crucial. Please ensure that the SwitchUserFilter is placed after the authentication filter in the filter chain.
Check your custom security configuration - Ensure that your security configuration is correctly set up to allow for impersonation.
Here is an example configuration for point 3:
import .springframework.beans.factory.annotation.Autowired;
import .springframework.context.annotation.Bean;
import .springframework.context.annotation.Configuration;
import .springframework.security.config.annotation.web.builders.HttpSecurity;
import .springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import .springframework.security.core.userdetails.UserDetailsService;
import .springframework.security.web.authentication.switchuser.SwitchUserFilter;
import .springframework.security.web.util.matcher.AntPathRequestMatcher;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/impersonate", "/impersonate/logout").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.logout()
.permitAll()
.and()
.addFilterAfter(switchUserFilter(), SwitchUserFilter.class);
}
@Bean
public SwitchUserFilter switchUserFilter() {
SwitchUserFilter filter = new SwitchUserFilter();
filter.setUserDetailsService(userDetailsService);
filter.setSwitchUserMatcher(new AntPathRequestMatcher("/impersonate", "GET"));
filter.setExitUserUrl("/impersonate/logout");
filter.setTargetUrl("/");
return filter;
}
}
Try debugging the Context - Instead of debugging filter, you should also try debugging security context. Add some logs or breakpoints to check the state of the security context before and after the impersonation attempt.
Ensure that authentication is working properly - Verify that the administrator user is properly authenticated and that the security context contains the correct authentication object before attempting impersonation.
Cross verify your Spring Security Version in case none of the above works - Ensure that you are using a compatible version of Spring Security that supports the SwitchUserFilter.
Thank you! Kindly notify me if it works for you :)
I’ve got the whole impersonation setup: filter, authentication, the works. This is a Vaadin application based on SpringBoot.
@Bean
public SwitchUserFilter switchUserFilter() {
SwitchUserFilter filter = new SwitchUserFilter();
filter.setUserDetailsService(userDetailsService);
filter.setSwitchUserMatcher(new AntPathRequestMatcher("/impersonate", "GET"));
filter.setExitUserUrl("/impersonate/logout");
filter.setTargetUrl("/");
return filter;
}
As I understand this, after a regular login of administrator, a manually typed impersonate URL should correctly do an impersonation. But of course it does not.
I see the execution enter SwitchUserFilter, the URL matches, and it attempts to do an impersonation (createSwitchUserToken). But then Spring’s ThreadLocalSecurityContextHolderStrategy thinks there is no current user logged in, because its contextHolder contains null. That gets then populated with an EmptyContext, and the user switching fails in SwitchUserGrantedAuthority because of null checks.
Why is the context null?
I’ve got the whole impersonation setup: filter, authentication, the works. This is a Vaadin application based on SpringBoot.
@Bean
public SwitchUserFilter switchUserFilter() {
SwitchUserFilter filter = new SwitchUserFilter();
filter.setUserDetailsService(userDetailsService);
filter.setSwitchUserMatcher(new AntPathRequestMatcher("/impersonate", "GET"));
filter.setExitUserUrl("/impersonate/logout");
filter.setTargetUrl("/");
return filter;
}
As I understand this, after a regular login of administrator, a manually typed impersonate URL should correctly do an impersonation. But of course it does not.
I see the execution enter SwitchUserFilter, the URL matches, and it attempts to do an impersonation (createSwitchUserToken). But then Spring’s ThreadLocalSecurityContextHolderStrategy thinks there is no current user logged in, because its contextHolder contains null. That gets then populated with an EmptyContext, and the user switching fails in SwitchUserGrantedAuthority because of null checks.
Why is the context null?
Share Improve this question asked Nov 16, 2024 at 8:34 tbeernottbeernot 2,6425 gold badges26 silver badges32 bronze badges1 Answer
Reset to default 1Sounds like issue might be related to the security context not being properly populated before the impersonation attempt.
Can you please try any of below approaches to resolve the issue:
Is Security Context Populated properly? Make sure that the security context is properly populated with the authenticated user before attempting impersonation. To ensure the same, check if authentication process is correctly setting the security context.
Verify the order of security filters - The order of security filters is crucial. Please ensure that the SwitchUserFilter is placed after the authentication filter in the filter chain.
Check your custom security configuration - Ensure that your security configuration is correctly set up to allow for impersonation.
Here is an example configuration for point 3:
import .springframework.beans.factory.annotation.Autowired;
import .springframework.context.annotation.Bean;
import .springframework.context.annotation.Configuration;
import .springframework.security.config.annotation.web.builders.HttpSecurity;
import .springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import .springframework.security.core.userdetails.UserDetailsService;
import .springframework.security.web.authentication.switchuser.SwitchUserFilter;
import .springframework.security.web.util.matcher.AntPathRequestMatcher;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/impersonate", "/impersonate/logout").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.logout()
.permitAll()
.and()
.addFilterAfter(switchUserFilter(), SwitchUserFilter.class);
}
@Bean
public SwitchUserFilter switchUserFilter() {
SwitchUserFilter filter = new SwitchUserFilter();
filter.setUserDetailsService(userDetailsService);
filter.setSwitchUserMatcher(new AntPathRequestMatcher("/impersonate", "GET"));
filter.setExitUserUrl("/impersonate/logout");
filter.setTargetUrl("/");
return filter;
}
}
Try debugging the Context - Instead of debugging filter, you should also try debugging security context. Add some logs or breakpoints to check the state of the security context before and after the impersonation attempt.
Ensure that authentication is working properly - Verify that the administrator user is properly authenticated and that the security context contains the correct authentication object before attempting impersonation.
Cross verify your Spring Security Version in case none of the above works - Ensure that you are using a compatible version of Spring Security that supports the SwitchUserFilter.
Thank you! Kindly notify me if it works for you :)
本文标签: Spring SwitchUserFilter sees no existing authenticationStack Overflow
版权声明:本文标题:Spring SwitchUserFilter sees no existing authentication - Stack Overflow 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://it.en369.cn/questions/1745662669a2161986.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论