无法从Spring-Jersey内检索安全上下文 [英] Unable to retrieve security context from within Spring-Jersey

问题描述

我正在尝试在我的spring-jersey bean中检索安全上下文，但是我一直在获得Null身份验证.当我在spring应用程序中运行同一命令时，它会正确检索当前已登录用户的安全上下文.

I am trying to retrieve a security context within my spring-jersey bean, however I keep getting Null authentication. When I run the same command from within my spring application it correctly retrieves the current logged in users security context.

spring-jersey的配置需要为主spring应用程序创建一个单独的servlet，因此web.xml有两个servlet-一个用于spring应用程序，另一个用于jersey rest api.

The configuration of spring-jersey requires creating a separate servlet to the main spring application, thus the web.xml has two servlet's - one for spring app, second for jersey rest api.

假设问题与此相关，我尝试将安全上下文共享模式设置为global，但是我仍然无法从Jersey内获取上下文信息.

Assuming the problem is related to this, I tried setting the security context sharing mode to global, however I still unable to get the context information from within Jersey.

SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_GLOBAL)

任何帮助，将不胜感激！

Any help with this would be greatly appreciated!

非常感谢， 奈杰尔

推荐答案

也许用户只是未通过身份验证，因为您的Jersey请求没有会话cookie，因此未与经过身份验证的用户的会话相关联?

Perhaps user is simply not authenticated, because your Jersey requests don't have a session cookie and therefore are not associated with the authenticated user's session?

您可以通过在Spring Security中启用匿名身份验证来进行检查-如果猜测正确，则应该获取匿名身份验证而不是null.

You may check it by enabling anonymous authentication in Spring Security - you should get anonymous authentication instead of null if the guess is right.

这篇关于无法从Spring-Jersey内检索安全上下文的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！