How to obtain Authentication object in message handling Spring Controller method

Question

I have a controller method that handles REST requests as well as STOMP/websocket messages. Something like:

@RequestMapping(value="/test")
@MessageMapping(value=".test")
@SendTo(value="/topic/testresponse")
public ResponseEntity<?> test(Principal principal)
{
  Authentication auth = SecurityContextHolder.getContext().getAuthentication();
  ...
  return ResponseEntity.ok(principal.getName());
}

When I invoke this method from a REST client, the Principal and Authentication objects are both populated correctly. However, when I invoke this method from a STOMP/websocket client, the Principal object is populated but the Authentication object is null.

Clearly, Spring is able to get the Authentication object somehow, even in the websocket case, because it populated the Principal object. How can I do it in my code?

The reason I want to know this is that I need to do custom authorization checks in code that is NOT invoked as a controller method.

I am using Spring Boot 1.2.2.

Thanks.

Have you tryed: `public ResponseEntity> test(Authentication authentication)`? — Ralph, Oct 16 '15 at 18:51
these might help: http://stackoverflow.com/questions/25640872/ and https://spring.io/blog/2014/08/21/preview-spring-security-websocket-support — Ritesh, Oct 17 '15 at 12:37

How to obtain Authentication object in message handling Spring Controller method

0 Answers0