Describe the bug
Spring Web MVC @RequestMapping handler method receives null as Authentication argument when forwarded from a successful login.
HttpServletRequest.getRemoteUser() also returns null, while SecurityContextHolder.getContext().getAuthentication().getName() returns the username just logged in.
To Reproduce
1. Create a handler method which receives an Authentication argument.
2. Forward successful login to that method with FormLoginConfigurer.successForwardUrl().
3. Try and see that the handler method receives null as the argument during login.
Expected behavior
The method receives an Authentication object representing the just-logged-in user.
I'm not quite sure but this seems like a bug to me.
Sample Two classes would be enough so I'm posting here directly:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin(formLogin -> formLogin
.successForwardUrl("/api/index"));
}
}
@RestController
public class IndexController {
@RequestMapping("/api/index")
public Map<String, Object> index(Authentication auth) {
Map<String, Object> result = new HashMap<>();
if (auth != null) {
result.put("username", auth.getName());
}
return result;
}
}
Comment From: rwinch
@SentretC Thanks for the report. Can you please turn this example into a complete project instead of just code snippets?
Comment From: spring-projects-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: spring-projects-issues
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.