java - Spring Security: how to retrieve username to accessDeniedPage? -


i'm using spring security, html , thymeleaf , retrieve user has failed login. login has 2 step: first step checks if user , password correct ldap, second checks if user has role database. if both passed user authenticated. have registration page user has failed login (a precompiled input field). registration page accessdeniedpage. authentication:

public authentication authenticate(authentication authentication) throws authenticationexception {             set<grantedauthority> authorities = new hashset<grantedauthority>();             string name = authentication.getname();             string password = authentication.getcredentials().tostring();             if (name == null || name.isempty() || password == null || password.isempty())                 return null;             boolean isfind = ldapservices.ldapsearch(name, password);                                        if (isfind){                 com.domain.user user = userservices.getbyusersenabled(name);                 if (user!=null){                     authorities.add(new simplegrantedauthority("role_"+user.getrole().getrole()));                   }                 return new usernamepasswordauthenticationtoken(user, password, authorities);             }                        else return null;         }

and redirect is:

@override protected void configure(httpsecurity http) throws exception {     list<role> roles=roleservices.getroles();     //retrieve array of roles(only string field without id)     string[] rolesarray = new string[roles.size()];     int i=0;     (role role:roles){         rolesarray[i++] = role.getrole();     }      http     .authorizerequests() //authorize request configuration     //the "/register" path accepted without login     .antmatchers("/registration/**").authenticated()     //all path need authentication     .anyrequest().hasanyrole(rolesarray)//.authenticated()     .and()//login form configuration others     .formlogin()     .loginpage("/login")     .permitall()     .and()     //redirect on page "registration" if user doens't exist in dart database     .exceptionhandling().accessdeniedpage("/registration")     .and()     .logout()     .logoutsuccessurl("/login?logout")     .deletecookies("jsessionid", "jsessionid")     .invalidatehttpsession(true)     .permitall(); }

if add principal in /registration controller null. why? principal null, maybe wrong in authenticate method. furthermore may have problem security since registration web services not authenticated whereas should authenticated without role there possibility have registration page user fails login? thanks

i've changed row authenticate method:

return new usernamepasswordauthenticationtoken(user==null?new user(name,null,false):user, password, authorities);

user null because didn't exist database query return null object, instead have create user username.


Comments

Post a Comment

Popular posts from this blog

asynchronous - C# WinSCP .NET assembly: How to upload multiple files asynchronously -

i using winscp .net assembly uploading files. want upload multiple files asynchronous way. have created method works single upload. public class uploadingdata { private sessionoptions _sessionoptions; private session _session; //connection etc private void onconnected() { foreach (var fileinfo in localfileslist) { var task = task.factory.startnew(() => uploadfilesasync(fileinfo)); } } private async task uploadfilesasync(string file) { string remotefilepath = _session.translatelocalpathtoremote(file, @"/", "/test_data_upload"); var uploading = _session.putfiles(file, remotefilepath, false); //when done await task.run(() => thread.sleep(1000)); } } please suggest me correct way. thanks you can use backgroundworker class this: string[] images = new string[50]; foreach (var path in images) { backgroundworker
Read more

aws api gateway - SerializationException in posting new Records via Dynamodb Proxy Service in API -

i getting "__type": "com.amazon.coral.service#serializationexception" as reply in postman & in test console in api gateway trying post record directly dynamodb using api proxy services.. referring aws article - https://aws.amazon.com/blogs/compute/using-amazon-api-gateway-as-a-proxy-for-dynamodb/ here's mapping { "tablename": "tablenamegoeshere", "item": { "id" : "$context.requestid" "eventname" : "$input.path('$.eventname')", "timestamp" : $input.path('$.timestamp'), "answers": "$util.parsejson($input.path('$.answers'))" } } update: did asked ... , worked if try add array of json objects gives me above same error - here's trying now. please - couldnt find on google well #set($inputroot = $input.path('$')) { "tablename": "answer", "item": {
Read more

asp.net - Problems sending emails from forum -

i have been redesigning site has message board, has been written guy looked after site. it has few problems , written in .asp , uses .mdb files database. you can see whole thing here . feel free post if helps, test thing have set using original files , new database. the basic problem when posts message, supposed email sent them, have posted it. when replies, originator supposed message, replier has been posted. i’d have thought @ point in process there should script/file in postmessage.asp? the postmessage.asp page below. <% option explicit %> <!-- #include virtual="common/adovbs.inc" --> <html> <head> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> <meta name="generator" content="microsoft frontpage 4.0"> <meta name="progid" content="frontpage.editor.document"> <title>new page 2</title> <base target="_self"
Read more