Getting "Principal required as per interface" during authentication Page Title Module

  • Getting "Principal required as per interface" during authentication

    Spring Security v2.0.4

    The system throws this error during authentication.

    Caused by: java.lang.IllegalArgumentException: Principal required as per interface contract
    at org.springframework.util.Assert.notNull(Assert.java:112)
    at org.springframework.security.concurrent.SessionRegistryImpl.registerNewSession(SessionRegistryImpl.java:120)
    at org.springframework.security.concurrent.ConcurrentSessionControllerImpl.registerSuccessfulAuthentication(ConcurrentSessionControllerImpl.java:143)
    at org.springframework.security.providers.ProviderManager.doAuthentication(ProviderManager.java:206)
    at org.springframework.security.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:46)
    at affin.cib.web.secutiry.filter.AuthenticationProcessFilter.attemptAuthentication(AuthenticationProcessFilter.java:162)
    at affin.cib.web.secutiry.filter.AuthenticationProcessFilter.doFilterHttp(AuthenticationProcessFilter.java:62)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    at org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    at affin.cib.web.secutiry.context.SecurityContextDetailsFilter.doFilterHttp(SecurityContextDetailsFilter.java:41)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    at org.springframework.security.concurrent.ConcurrentSessionFilter.doFilterHttp(ConcurrentSessionFilter.java:99)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

    This is my applicationContext-security.xml
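    <?xml version="1.0" encoding="UTF-8"?>
    <!--
      Spring Security 2.0.x namespace configuration for the web tier: a custom
      authentication filter and provider, HTTP Basic, logout handling and
      concurrent-session control, with URL access decided by a custom voter list.
    -->
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:security="http://www.springframework.org/schema/security"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">

      <!-- Enables @Secured on service methods. -->
      <security:global-method-security secured-annotations="enabled"/>

      <!-- Exposes the namespace-created ProviderManager under the name the custom filter below refers to. -->
      <security:authentication-manager alias="authenticationManager"/>

      <!-- NOTE(review): name and alias are identical, so this adds no new name; the
           loginControlManager bean itself is not defined in this file. -->
      <alias name="loginControlManager" alias="loginControlManager"/>
      <!-- <alias name="messageExceptionResolver" alias="messageExceptionResolverService"/>-->

      <!--
        session-fixation-protection="newSession": a fresh session is created on login and the
        attributes of the pre-login session are not carried over.
      -->
      <security:http access-denied-page="/403_system.jsp"
                     session-fixation-protection="newSession"
                     entry-point-ref="authenticationProcessingFilterEntryPoint"
                     access-decision-manager-ref="accessDecisionManager">

        <!--
          filters="none" takes a path out of the security filter chain entirely: no
          SecurityContext is loaded for it and none of the filters configured here run.
          /login* and /logout* are prefix patterns, so they also cover every other top-level
          path that starts with /login or /logout.
          NOTE(review): confirm nothing sensitive is served under any of these patterns.
        -->
        <security:intercept-url pattern="/images/**" filters="none"/>
        <security:intercept-url pattern="/css/**" filters="none"/>
        <security:intercept-url pattern="/styles/**" filters="none"/>
        <security:intercept-url pattern="/public/**" filters="none"/>
        <security:intercept-url pattern="/login*" filters="none"/>
        <security:intercept-url pattern="/logout*" filters="none"/>

        <!--
          NOTE(review): no anonymous element is declared and auto-config is not enabled on this
          http element; confirm that an anonymous token really is created for unauthenticated
          visitors, otherwise these two rules end up requiring a login.
        -->
        <security:intercept-url pattern="/common/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <security:intercept-url pattern="/common2/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

        <!-- IS_AUTHORISED_SERVICE is a project-specific attribute; presumably it is evaluated
             by ServiceVoter in accessDecisionManager (verify against that class). -->
        <security:intercept-url pattern="/app/**" access="IS_AUTHORISED_SERVICE"/>

        <security:logout logout-url="/j_security_logout"
                         logout-success-url="/logout.html"/>

        <!--
          Concurrent-session control registers every successful login in the session registry
          under the principal of the returned Authentication. The registry rejects a null
          principal ("Principal required as per interface contract"), so the custom provider
          and the UserDetails it builds must always populate the principal / username.
        -->
        <security:concurrent-session-control expired-url="/session_expired.jsp"/>

        <!--
          HTTP Basic is accepted in addition to the form login and goes through the same
          authentication manager; Basic credentials are re-sent with every request, so this
          only makes sense over HTTPS.
          NOTE(review): remove this element if no client relies on Basic authentication.
        -->
        <security:http-basic/>
      </security:http>

      <!-- Sends unauthenticated users to the login form. forceHttps and serverSideRedirect are
           resolved from property placeholders defined outside this file; forceHttps should
           resolve to true wherever real credentials are submitted. -->
      <bean id="authenticationProcessingFilterEntryPoint"
            class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl" value="/login.html"/>
        <property name="forceHttps" value="${url.forceHttps}"/>
        <property name="serverSideRedirect" value="${url.serverSideRedirect}"/>
      </bean>

      <!-- Project filter inserted directly after the session/context integration filter. -->
      <bean id="securityContextFilter" class="affin.cib.web.secutiry.context.SecurityContextDetailsFilter">
        <security:custom-filter after="SESSION_CONTEXT_INTEGRATION_FILTER"/>
      </bean>

      <!-- Project filter that takes the slot of the standard authentication processing filter
           and handles the login POST to /j_security_check. -->
      <bean id="authenticationProcessingFilter" class="affin.cib.web.secutiry.filter.AuthenticationProcessFilter">
        <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl" value="/login.html?error=1"/>
        <property name="defaultTargetUrl" value="/common/landing.html"/>
        <property name="filterProcessesUrl" value="/j_security_check"/>
        <!-- Always land on defaultTargetUrl after login instead of the originally requested URL. -->
        <property name="alwaysUseDefaultTargetUrl" value="true"/>
        <!--
        <property name="invalidateSessionOnSuccessfulAuthentication" value="true" />
        -->
        <!-- tokenProvider is not defined in this file. -->
        <property name="loginHandler">
          <bean class="affin.cib.web.secutiry.LoginHandlerImpl">
            <property name="loginControlManager" ref="loginControlManager"/>
            <property name="tokenProvider" ref="tokenProvider"/>
            <property name="saltEncryptor" ref="saltEncryptor"/>
          </bean>
        </property>
        <!-- <property name="exceptionResolver" ref="messageExceptionResolverService"/> -->
      </bean>

      <!-- AffirmativeBased grants access as soon as one voter grants it; with
           allowIfAllAbstainDecisions=false a request on which every voter abstains is denied. -->
      <bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions" value="false"/>
        <property name="decisionVoters">
          <list>
            <bean class="org.springframework.security.vote.AuthenticatedVoter"/>
            <bean class="affin.cib.web.secutiry.ServiceVoter"/>
          </list>
        </property>
      </bean>

      <!--
        custom-authentication-provider registers this bean with the namespace-created
        ProviderManager. Because concurrent-session control is enabled, the Authentication it
        returns must carry a non-null principal.
        NOTE(review): allowMultipleLoginSession is a project property resolved from a
        placeholder; confirm it agrees with the concurrent-session policy configured above.
      -->
      <bean id="authenticationProvider"
            class="affin.cib.web.secutiry.SupportCenterAuthenticationProvider">
        <security:custom-authentication-provider/>
        <property name="loginControlManager" ref="loginControlManager"/>
        <property name="allowMultipleLoginSession" value="${url.allowMultipleLoginSession}"/>
      </bean>

      <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
        <property name="basename" value="classpath:SecurityResources"/>
      </bean>

      <bean id="saltEncryptor" class="affin.cib.web.common.security.crypto.AESSaltEncryptor"/>

      <bean id="userAuthenticationManager" class="affin.cib.web.secutiry.UserAuthenticationManagerImpl">
        <property name="authenticationProvider" ref="authenticationProvider"/>
        <property name="loginControlManager" ref="loginControlManager"/>
      </bean>
    </beans>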
    Any idea how to fix this problem?

  • #2
    Looks like your custom AuthenticationProvider ('affin.cib.web.secutiry.SupportCenterAuthenticationProvider') is not correctly setting the principal field of the Authentication object after successfully authenticating the user. This is part of the contract (ref. Javadoc for AuthenticationProvider) for this interface.

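    My guess is, if this error is recently introduced, someone just turned on the concurrent session control feature of the framework. As the stack trace shows, that feature registers each new session under the authenticated principal (SessionRegistryImpl.registerNewSession), which is where a null principal is rejected.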



    • #3
      Thx for the advice. Just found out that I didn't set the username on the custom UserDetails object.
