Spring SecurityContext disappears in StreamResource callback method
Tested using the newest bakery app. Spring SecurityContext disappears and becomes Null authentication in StreamResource callback method. Below is an example that reproduces the issue.
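```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

import com.vaadin.flow.component.html.Anchor;
import com.vaadin.flow.component.orderedlayout.VerticalLayout;
import com.vaadin.flow.router.Route;
import com.vaadin.flow.server.StreamResource;
import org.springframework.security.core.context.SecurityContextHolder;

@Route("test")
public class TestView extends VerticalLayout {

    public TestView() {
        Anchor anchor = new Anchor();
        anchor.add("DOWNLOAD");
        // The supplier runs later, on the request that downloads the resource.
        anchor.setHref(new StreamResource("file", () -> createInputStream()));
        add(anchor);
        // SecurityContext returns correct value UsernamePasswordAuthenticationToken.
        System.err.println(SecurityContextHolder.getContext());
    }

    private InputStream createInputStream() {
        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
        try {
            outputStream.write("text".getBytes());
        } catch (IOException e) {
            e.printStackTrace();
        }
        // SecurityContextHolder.getContext() returns Null authentication here.
        System.err.println(SecurityContextHolder.getContext());
        return new ByteArrayInputStream(outputStream.toByteArray());
    }
}
```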
Basically, I created a simple view that contains only an Anchor element. When I click on the anchor, the `createInputStream` method is executed, but Spring SecurityContext changes to null authentication.

Expected behaviour: Spring SecurityContext should be the same during the user session and not disappear like in the `createInputStream` method.

Actual behaviour: Spring SecurityContext disappears and changes to Null authentication.
- Versions:
- Vaadin 13.0.1
- Spring boot 2.1.0.RELEASE
- Java 11
- Windows 10
As a side note, I believe the Upload component's callback method `addSucceededListener` suffers from the same problem.
Top GitHub Comments
Thank you @heruan for pointing out the problem. So the bakery app comes with the following WebSecurityConfiguration:

We can see that all `/VAADIN/**` requests are ignored and won't have SpringSecurityContext. Dynamically created files are mapped to the `VAADIN/dynamic/resource` URL. When a request to a dynamic resource is sent, SpringSecurityContext is lost due to the `/VAADIN/**` configuration, since the request URL maps to it. To fix this, remove the `/VAADIN/**` configuration or change it to `/VAADIN/static/**`. This issue should be moved to the bakery app since it contains this problematic configuration.
Issue moved to vaadin/bakery-app-starter-flow-spring #755 via ZenHub
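
The pattern overlap described in the comment above can be checked directly. This is an added example, not code from the bakery app or from Vaadin: the class names and sample request paths are hypothetical, and it uses Spring's `AntPathMatcher` as a stand-in for the Ant-style matching that `antMatchers(...)` applies.

```java
import java.util.List;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.util.AntPathMatcher;

// Added example (not bakery app code); class names and sample paths are hypothetical.
public class IgnoredPathAudit {

    static final String BROAD = "/VAADIN/**";          // pattern named in the comment above
    static final String NARROW = "/VAADIN/static/**";  // replacement the comment suggests

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    // True when a request path falls under an ignoring() pattern, meaning the
    // Spring Security filter chain is skipped and no SecurityContext is loaded.
    static boolean bypassesSecurity(String ignorePattern, String path) {
        return MATCHER.match(ignorePattern, path);
    }

    // Narrowed configuration: only static framework files skip the filter chain,
    // so requests for dynamic resources keep the session's authentication.
    static class NarrowedIgnoreConfig extends WebSecurityConfigurerAdapter {
        @Override
        public void configure(WebSecurity web) {
            web.ignoring().antMatchers(NARROW);
        }
    }

    public static void main(String[] args) {
        // Constructed sample paths; ids and file names are placeholders.
        List<String> paths = List.of(
                "/VAADIN/static/client/client.js",
                "/VAADIN/dynamic/resource/placeholder-id/file",
                "/test");
        for (String path : paths) {
            System.out.printf("%-46s broad=%-5b narrow=%b%n", path,
                    bypassesSecurity(BROAD, path), bypassesSecurity(NARROW, path));
        }
    }
}
```

With the broad pattern, both the static file and the dynamic resource path bypass the filter chain; with the narrowed one, only the static file does. Any handler reached through an ignored path runs with no authentication and no access control applied, so ignore patterns should cover static content only.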