Unable to retrieve security context from within Spring-Jersey

1
votes

I am trying to retrieve a security context within my spring-jersey bean, however I keep getting Null authentication. When I run the same command from within my spring application it correctly retrieves the current logged in users security context.

The configuration of spring-jersey requires creating a separate servlet to the main spring application, thus the web.xml has two servlet's - one for spring app, second for jersey rest api.

Assuming the problem is related to this, I tried setting the security context sharing mode to global, however I still unable to get the context information from within Jersey.

SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_GLOBAL)

Any help with this would be greatly appreciated!

Many thanks, Nigel

2
javaspringspring-securityjersey

2 Answers

2
votes

Perhaps user is simply not authenticated, because your Jersey requests don't have a session cookie and therefore are not associated with the authenticated user's session?

You may check it by enabling anonymous authentication in Spring Security - you should get anonymous authentication instead of null if the guess is right.

0
votes

@axtavt Thank you for the comment. This clue helped solve my problem, checking how my security filters were configured, I found this line in my spring security configuration 

<security:intercept-url pattern="/api/**" filters="none" />

This line effectively disables all spring security filters, removing this fixed the problem.

Many thanks for your help :)