Skip to content

@AuthenticationPrincipal resolves to null when spring security is also included #26380

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
krm1312 opened this issue Jan 12, 2021 · 2 comments
Closed

@AuthenticationPrincipal resolves to null when spring security is also included #26380

krm1312 opened this issue Jan 12, 2021 · 2 comments
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: invalid An issue that we don't feel is valid

Comments

@krm1312
Copy link

krm1312 commented Jan 12, 2021

Followup to #26117.

When using boot 2.4.1 with managed spring and spring security dependencies @AuthenticationPrincipal is no longer bound. Brief debugging appears to indicate that AuthenticationPrincipalArgumentResolver 'supports' the argument and resolves it to null before PrincipalMethodArgumentResolver has a chance to resolve it.

Sample project: https://github.com/krm1312/spring-auth-principal.

Toggle boot version in pom.xml to see difference.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Jan 12, 2021
@rstoyanchev
Copy link
Contributor

rstoyanchev commented Jan 14, 2021
edited
Loading

Thanks for the sample.

That looks like expected behavior to me. According to the Javadoc @AuthenticationPrincipal, it resolves Authentication#getPrincipal() which in this case is org.springframework.security.core.userdetails.User and that is not a Principal. It happened to work before because Principal was resolved ahead of @AuthenticaionPrincipal prior to 5.3 but in that case the annotation was simply ignored. So it seems like you need to remove the annotation if you want Principal resolved through the request.

@rstoyanchev rstoyanchev added the status: waiting-for-feedback We need additional information before we can continue label Jan 14, 2021
@krm1312
Copy link
Author

krm1312 commented Jan 14, 2021

Thank you. I can confirm removing the annotation fixes it in our real application as well.

Feel free to close if you want to keep the more strict behavior.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Jan 14, 2021
@rstoyanchev rstoyanchev added in: web Issues in web modules (web, webmvc, webflux, websocket) status: invalid An issue that we don't feel is valid and removed status: feedback-provided Feedback has been provided status: waiting-for-triage An issue we've not yet triaged or decided on labels Jan 14, 2021
@rstoyanchev rstoyanchev mentioned this issue Jan 15, 2021
Closed
This was referenced Apr 12, 2021
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: invalid An issue that we don't feel is valid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rstoyanchev @krm1312 @spring-projects-issues