The situation is as follows:
The user logs in to his personal account; going through the rest, his login can be caught in the logs.
In one of the classes, the SecurityUtils.getCurrentUserLogin() method returns anonymousUser:

    // BillingOpenResource.java
    import java.io.IOException;
    import javax.servlet.http.HttpServletResponse;
    import org.json.JSONException;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.PathVariable;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    @RequestMapping("/open-api")
    public class BillingOpenResource {

        private final Logger log = LoggerFactory.getLogger(BillingOpenResource.class);

        private final RegionService regionService;

        public BillingOpenResource(RegionService regionService) {
            this.regionService = regionService;
        }

        @GetMapping(value = "/billing/getEpd/{account}/{date}")
        public void getEpd(@PathVariable String account, @PathVariable String date,
                           HttpServletResponse resp) throws IOException, JSONException {
            log.debug("getEpd account: {}, date: {}", account, date);
            // principal set by the security filter chain for THIS request
            log.debug(SecurityUtils.getCurrentUserLogin()); // anonymousUser
            regionService.findRegionCodeByAccount(account);
            ...
        }
    }

    // RegionService.java
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.stereotype.Service;
    import org.springframework.transaction.annotation.Transactional;

    @Service
    @Transactional
    public class RegionService {

        private static final Logger LOGGER = LoggerFactory.getLogger(RegionService.class);
        ...
        public String findRegionCodeByAccount(String account) {
            // same thread as the calling controller, so the same SecurityContext
            LOGGER.debug(SecurityUtils.getCurrentUserLogin()); // anonymousUser
            .....
        }
    }

During the execution of the code, a sun.security.validator.ValidatorException related to sending over HTTPS occurs; this is normal :)

Next, the following is executed:

    // RegionExtResource.java
    import java.io.IOException;
    import org.json.JSONException;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.http.ResponseEntity;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.PathVariable;
    import org.springframework.web.bind.annotation.RequestHeader;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    @RequestMapping("/api")
    public class RegionExtResource {

        private final Logger log = LoggerFactory.getLogger(RegionExtResource.class);

        @GetMapping("/regions-ext/getRegionByAccount/{account}")
        public ResponseEntity<Region> getRegionByAccount(@PathVariable String account,
                                                         @RequestHeader(value = "Authorization") String authorization)
                throws IOException, JSONException {
            // this request carries an Authorization header, so the filter chain authenticated it
            log.debug(SecurityUtils.getCurrentUserLogin()); // Ivanov
            ....
        }
    }

Returning to the RegionService class, in the same findRegionCodeByAccount method we already get the user login.

I suspect that this is probably due to the remapping of /open-api and /api, but I cannot understand where and what is missing. Where should I look?

    // SecurityUtils.java
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.context.SecurityContext;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.core.userdetails.UserDetails;

    public final class SecurityUtils {

        private SecurityUtils() {
        }

        public static String getCurrentUserLogin() {
            // thread-local context populated by the security filter chain for the current request
            SecurityContext securityContext = SecurityContextHolder.getContext();
            Authentication authentication = securityContext.getAuthentication();
            String userName = null;
            if (authentication != null) {
                if (authentication.getPrincipal() instanceof UserDetails) {
                    UserDetails springSecurityUser = (UserDetails) authentication.getPrincipal();
                    userName = springSecurityUser.getUsername();
                } else if (authentication.getPrincipal() instanceof String) {
                    // AnonymousAuthenticationFilter sets the String principal "anonymousUser",
                    // which this branch returns as if it were a login
                    userName = (String) authentication.getPrincipal();
                }
            }
            return userName;
        }
    }

log file https://github.com/maxim-grinchenko/spring-boot-web-jsp/blob/master/logfile

  • I guess you missed the moment when you have a transition from http to https; then the user login is lost. In order not to reinvent the wheel and to use ready-made solutions, read here. - Roman C
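An added illustration, not code from the question or from the linked repository, of the mechanism behind the two different logins: the SecurityContext that the posted SecurityUtils reads lives in a thread-local (SecurityContextHolder's default MODE_THREADLOCAL), so each request thread sees only the Authentication its own filter chain installed. A request that carries no credentials ends the chain in AnonymousAuthenticationFilter, whose String principal "anonymousUser" the posted SecurityUtils returns as though it were a login. The user "Ivanov", the key "demo-key", and the executor standing in for a second request thread are constructed for the example; it needs only spring-security-core on the classpath.

```java
// SecurityContextDemo.java (added example; constructed data, spring-security-core only)
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

public class SecurityContextDemo {

    /** Same lookup the question's SecurityUtils.getCurrentUserLogin() performs. */
    static String currentLogin() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null) {
            return null;
        }
        Object principal = auth.getPrincipal();
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        }
        return principal instanceof String ? (String) principal : null;
    }

    /**
     * The check the posted SecurityUtils lacks. isAuthenticated() is true for the
     * anonymous token too, so the token type must be inspected explicitly.
     */
    static boolean isRealUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return auth != null
            && auth.isAuthenticated()
            && !(auth instanceof AnonymousAuthenticationToken);
    }

    public static void main(String[] args) throws Exception {
        // Request 1 (think /open-api): no credentials on the request, so the filter chain
        // ends with AnonymousAuthenticationFilter installing a token like this one.
        SecurityContextHolder.getContext().setAuthentication(
            new AnonymousAuthenticationToken("demo-key", "anonymousUser",
                AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
        System.out.println("request 1 login: " + currentLogin() + ", real user: " + isRealUser());

        // Request 2 (think /api called with an Authorization header) is served on another
        // thread; its own filter chain authenticated the constructed user "Ivanov".
        ExecutorService pool = Executors.newSingleThreadExecutor();
        Future<String> request2 = pool.submit(() -> {
            UserDetails ivanov = User.withUsername("Ivanov").password("n/a").roles("USER").build();
            SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(ivanov, null, ivanov.getAuthorities()));
            String login = currentLogin() + ", real user: " + isRealUser();
            SecurityContextHolder.clearContext(); // the filter chain clears it at request end
            return login;
        });
        System.out.println("request 2 login: " + request2.get());

        // Back on request 1's thread nothing changed: the context is per thread, not global.
        // An outgoing HTTPS call from request 1 to your own /api does not carry request 1's
        // identity unless the Authorization header is sent along with it.
        System.out.println("request 1 again: " + currentLogin());

        pool.shutdown();
        SecurityContextHolder.clearContext();
    }
}
```

Run it with a main class and spring-security-core on the classpath. The practical consequence for the question: the login printed in RegionService is whatever the filter chain set for the request that is currently running, so it can only be the real user in the /open-api flow if that request itself arrives authenticated; and callers of getCurrentUserLogin() should treat "anonymousUser" as "nobody", which isRealUser() above makes explicit.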
