Handling the case where SecurityContext#getAuthentication() returns null on errors

Posted at 2016-02-26

It took me a little while to reach the article I list under References, so I am noting this down as a memo.

Versions

  • Spring Framework
    4.2.2.RELEASE

  • Spring Security
    4.0.3.RELEASE

Symptom

When an error such as a 404 occurs, SecurityContextHolder.getContext().getAuthentication() sometimes returns null.

Cause

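This happens because springSecurityFilterChain does not run on errors (more precisely, DelegatingFilterProxy does not run), so it needs to be made to run on errors as well.
The dispatcher types specified in the Java-based config and the XML-based config differ only because the samples differ; there is no significant difference.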

Fix

Add ERROR to the dispatcher types of DelegatingFilterProxy.

web.xml
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>
Config.java
    protected FilterRegistration.Dynamic registerServletFilter(ServletContext servletContext, Filter filter) {
        String filterName = Conventions.getVariableName(filter);
        FilterRegistration.Dynamic registration = servletContext.addFilter(filterName, filter);
        if (registration == null) {
            int counter = -1;
            while (counter == -1 || registration == null) {
                counter++;
                registration = servletContext.addFilter(filterName + "#" + counter, filter);
                Assert.isTrue(counter < 100,
                        "Failed to register filter '" + filter + "'." +
                                "Could the same Filter instance have been registered already?");
            }
        }
        registration.setAsyncSupported(isAsyncSupported());
        registration.addMappingForServletNames(getDispatcherTypes(), false, getServletName());
        return registration;
    }

    // ERROR is included in both sets so the filter also runs on error dispatches.
    private EnumSet<DispatcherType> getDispatcherTypes() {
        return (isAsyncSupported() ?
                EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD, DispatcherType.INCLUDE, DispatcherType.ASYNC, DispatcherType.ERROR) :
                EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD, DispatcherType.INCLUDE, DispatcherType.ERROR));
    }
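
As an added example (not part of the original article), the following Python check parses a web.xml and reports every DelegatingFilterProxy mapping whose dispatcher types lack ERROR, which is the configuration that produces the null authentication described above. The sample web.xml, the URL patterns in it, and the function name `mappings_missing_error` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
PROXY_CLASS = "org.springframework.web.filter.DelegatingFilterProxy"

# Constructed sample (not from the article): one mapping without ERROR, one with it.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/api/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/app/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
  </filter-mapping>
</web-app>"""

def _local(tag):
    """Drop the XML namespace so the check works across web.xml schema versions."""
    return tag.rsplit("}", 1)[-1]

def _texts(elem, name):
    return [(c.text or "").strip() for c in elem if _local(c.tag) == name]

def mappings_missing_error(web_xml, proxy_class=PROXY_CLASS):
    """Return sorted (filter-name, target, dispatchers) for proxy mappings lacking ERROR."""
    root = ET.fromstring(web_xml)
    proxies = {n for f in root if _local(f.tag) == "filter"
               and proxy_class in _texts(f, "filter-class")
               for n in _texts(f, "filter-name")}
    seen = defaultdict(set)
    for m in root:
        if _local(m.tag) != "filter-mapping":
            continue
        # Servlet spec: a mapping with no <dispatcher> element applies to REQUEST only.
        dispatchers = set(_texts(m, "dispatcher")) or {"REQUEST"}
        for name in set(_texts(m, "filter-name")) & proxies:
            for target in _texts(m, "url-pattern") + _texts(m, "servlet-name"):
                seen[(name, target)] |= dispatchers
    return sorted((n, t, sorted(d)) for (n, t), d in seen.items() if "ERROR" not in d)

if __name__ == "__main__":
    for name, target, dispatchers in mappings_missing_error(SAMPLE_WEB_XML):
        print(f"{name} on {target}: {dispatchers} (no ERROR dispatch)")
```

Dispatcher types are merged per filter name and target, so a filter that declares REQUEST and ERROR in two separate mappings for the same URL pattern is not reported.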

References

Spring SecurityContext returning null authentication on error pages in web.xml - Spring Forum
