0

in a spring boot application, i use spring security and rest.

My setup of my security.

public class GymApplicationSecurity extends WebSecurityConfigurerAdapter {

    @Autowired
    private RESTAuthenticationEntryPoint authenticationEntryPoint;

    @Autowired
    private RESTAuthenticationFailureHandler authenticationFailureHandler;

    @Autowired
    private RESTAuthenticationSuccessHandler authenticationSuccessHandler;

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/rest/**").authenticated();
        http.csrf().disable();
        http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
        http.formLogin().successHandler(authenticationSuccessHandler);
        http.formLogin().failureHandler(authenticationFailureHandler);
        http.logout().logoutUrl("/logout");
        http.logout().logoutSuccessUrl("/");
    }
}

When user do a requesty, in the controller, i would like to have it's id

I see on old tutorial 

Authentication auth = SecurityContextHolder.getContext().getAuthentication();

is it still ok with spring boot? so i need to this in each methof of my controller

M. Deinum
  • 115,695
  • 22
  • 220
  • 224
robert gagnon
  • 311
  • 1
  • 5
  • 14
  • Why would it have changed? The means of configuration has changed not the usage of the API. So yes you need to do that (or simply add a method argument of type `Principal` or use the `@AuthenticatedPrincipal` as explained in the reference guide which I suggest you to read). – M. Deinum May 30 '16 at 19:23
  • It's `@AuthenticationPrincipal`. See http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#mvc-authentication-principal – Yannic Bürgmann May 31 '16 at 06:31

0 Answers0