问题描述

我想使用以下代码从spring Security手动绕过用户：

I want to manually bypass the user from spring Security using the following code:

User localeUser = new User();
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(localeUser ,null, localeUser .getAuthorities());
SecurityContext securityContext = SecurityContextHolder.getContext();
        securityContext.setAuthentication(auth);
        // Create a new session and add the security context.
        HttpSession session = request.getSession(true);
        session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
return "dummyLogin";

虚拟登录页面（由磁贴处理）在内部调用同一控制器中的不同请求映射我试图获得这样的身份验证。

The dummy login page(handled by tiles)internally calls a different Request Mapping in the same controller where i am trying to get the Authentication something like this.

SecurityContextHolder.getContext().getAuthentication()

我在哪里变空!!!。

请帮助！

推荐答案

所以我发现了实际的问题！
问题是我在security-context.xml中用security =none标记了整个控制器。
所以当它从第一个链接反弹到第二个链接时，它会通过任何安全上下文！
对不起家伙抱歉。

So i found the actual problem!.The issue was that i had marked the whole controller with security="none" in the security-context.xml.So when it was bounced from the first link to the 2nd it dint pass any security context with it!!Sorry fr the trouble guys.

这篇关于SecurityContextHolder.getContext（）。getAuthentication（）返回null的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！