An Authentication object was not found in the SecurityContex 异常-CSDN论坛

An Authentication object was not found in the SecurityContex 异常

Java > Java EE

收藏回复

[问题点数：80分，结帖人daocha]

⋅使用共享IP的云主机（非虚拟主机，有root权限）会被旁注吗？ ⋅An Authentication object was not found in the SecurityContex 异常 ⋅Chrome 发出ajax请求无故多请求一次 更多帖子 关注私信空间博客 daocha 等级 本版专家分：618 结帖率 99.07%

最近正在使用spring security做函数安全性控制，如果通过访问页面的方式，我查看在调用方法的时候能够顺利进入@PreAuthorize中指定的验证函数返回 true or false 以判断是否具备访问权限。

可是目前我使用Spring 的 @Scheduled 进行一些定期的操作，也就是说在没有session的情况下，没有用户触发系统自己调用方法，可是当系统后台调用这个@Scheduled方法的时候，而在这个方法内部调用了一些通过@PreAuthorize控制了访问权限的方法，这样一来就出现如下异常，无法验证是否具备访问权限。很恼人。。

异常代码如下

org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext

	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:325)

	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:196)

	at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)

	at $Proxy40.refreshGlobalCacheStrategyMetrics(Unknown Source)

	at org.sly.main.server.service.system.scheduling.MaintenanceServiceImpl.runRecreateStrategyMetricsCache(MaintenanceServiceImpl.java:85)

	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

	at java.lang.reflect.Method.invoke(Method.java:597)

	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)

	at org.springframework.aop.interceptor.AsyncExecutionInterceptor$1.call(AsyncExecutionInterceptor.java:80)

	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)

	at java.util.concurrent.FutureTask.run(FutureTask.java:138)

	at java.lang.Thread.run(Thread.java:662)

我在网上找了很久，在spring官网也看到这个问题，可是没有给出具体解决方法

http://static.springsource.org/spring-security/site/faq.html#auth-exception-credentials-not-found

摘取了相关的描述如下：

1.5. I get an exception with the message "An Authentication object was not found in the SecurityContext". What's wrong?

This is a another debug level message which occurs the first time an anonymous user attempts to access a protected resource, but when you do not have an AnonymousAuthenticationFilter in your filter chain configuration.

    DEBUG [ExceptionTranslationFilter] - Authentication exception occurred; redirecting to authentication entry point
    org.springframework.security.AuthenticationCredentialsNotFoundException:
                   An Authentication object was not found in the SecurityContext
    at org.springframework.security.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:342)
    at org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:254)

而在另一个页面给出了配置 AnonymousAuthenticationFilter
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/anonymous.html

说是要这么配置



<bean id="anonymousAuthFilter"

    class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">

  <property name="key" value="foobar"/>

  <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>

</bean>



<bean id="anonymousAuthenticationProvider"

    class="org.springframework.security.authentication.AnonymousAuthenticationProvider">

  <property name="key" value="foobar"/>

</bean>

于是乎，我就在我的 application-security.xml 中做了如下配置，但是没有任何效果



	<beans:bean id="springSecurityFilterChain"

		class="org.springframework.security.web.FilterChainProxy">

		<security:filter-chain-map path-type="ant">

			<security:filter-chain pattern="/**"

				filters="anonymousAuthFilter" />

		</security:filter-chain-map>

	</beans:bean>

	<!-- ///////////////////////////////////////// -->

	<!-- ////for AnonymousAuthenticationFilter//// -->

	<!-- ///////////////////////////////////////// -->

	<beans:bean id="anonymousAuthFilter"

		class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">

		<beans:property name="key" value="foobar" />

		<beans:property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS" />

	</beans:bean>



	<beans:bean id="anonymousAuthenticationProvider"

		class="org.springframework.security.authentication.AnonymousAuthenticationProvider">

		<beans:property name="key" value="foobar" />

	</beans:bean>

2012-08-09 11:22:56

点赞查看全部楼层引用举报楼主收起

展开阅读全文

⋅关于Oracle数据库SNMP配置问题 ⋅急解：关于Domino互发邮件的问题 ⋅Script库调用问题 更多帖子 关注私信空间博客 blessson 等级 本版专家分：5: 我这也碰到了相同的问题，有没有人可以解决啊，急啊！！！

2012-08-23 18:36:59

点赞查看全部楼层引用举报 #1得分 5

收起

收藏回复

daocha

等级：

关注私信 TA的帖子

activiti中报错An Authentication object was not found in the SecurityContext: org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext 这是因为activiti7与springboot整合中集成了spring...

spring security中遇到的问题: 1.An Authentication object was not found in the Security Context 在security上下文中没有找到一个认证对象，我这边的问题在于controller中方法添加了认证注解，但是配置类中源自于一片我为了解决拦截静态文件的...

An Authentication object was not found in the SecurityContext?: An Authentication object was not found in the SecurityContext"} logs: 2015-04-14T11:47:52.06+0800 [App/0] OUT 2015-04-14 03:47:52.065 WARN 31 --- [io-61013- exec-8] o.s.c.s....

An Authentication object was not found in the SecurityContext: AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext while calling renewAccessToken. The authorize is successful and I save the refresh...

An Authentication object was not found in the SecurityC: I get an exception with the message "An Authentication object was not found in the SecurityContext". What's wrong? This is a another debug level message which occurs the first time an anonymous ...

SpringSecurity解决公共接口自定义权限验证失效问题，和源码分析: SpringSecurity自定义权限验证、解决鉴权失效和公共接口问题本文主要介绍如何使用spring-security来实现自定义的权限验证，以及如何解决鉴权时部分接口鉴权失效变成公共接口的问题，用户登录认证的部分已省略。...

Springboot2.1.5集成activiti7.1.24出现登录验证: Spring2.1.5集成...其余的方式大家如果试过成功就可以了，如果不行，可试下这个：取消登录验证如下： @SpringBootApplication( exclude = { org.springframework.boot.autoconfigure.security.servlet.Secu...

【Web Design The Missing Link】Authentication: 几年前，API设计指南将包含有关使用哪种身份验证方法的讨论。当时领先的网站使用的标准或级别不同。如今，几乎每个主要的Web-API都使用OAuth2。示例包括PayPal，Twitter，Google，Facebook，GitHub等。...

Spring Security学习笔记之整体配置: 第一部分: web.xml的配置使用过SpringSecurity的朋友都知道，首先需要在web.xml进行以下配置: springSecurityFilterChain org.springframework.web.filter.DelegatingFilterProxy ...

Flipkart Api：尝试从api检索数据时出错: {"error":"unauthorized","error_description":"An Authentication object was not found in the SecurityContext"} <pre><code><?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,...

Postman POST：Full authentication is required to acess this resource: Postman 做接口测试，提交请求后，模拟获取数据，输入入参正确时，却返回：Full authentication is required to acess this resource 原因： Request Headers信息里，Authorization 认证不通过，有些...

SpringBoot2.x整合Activiti7后，禁用SpringBootSecurity问题: 很多项目中，使用的权限管理，还是采用的Shiro 当我们想使用Activiti7来做流程业务的时候，我们又不想使用SpringSecurity来管理我们的权限只好在项目中，剔除SpringSecurity 剔除方式也很简单，在启动类上，剔除...

springmvc单元测试异常: springmvc采用了注解方式,利用ApplicationContext context = new ClassPathXmlApplicationContext("applicationContext.xml"); context.getBean("");怎么去获得到对应的实例?

ajax（或者App）的post请求老是报401 但是在postman测试的接口没有问题: [在然后再看请求码，retrofit里面有个规定“Returns true if {@link #code()} is in the range 200…300)”，意思是状态码在200到300之间才算成功，401直接就会走onfail方法，因此拿不到后台返回的信息。我的修改...

CAS TGT 校验不成功：No principal was found in the response from the CAS server.WHO: audit:unknown: 背景描述：首先我重写了CAS Server端的登录这个模块，并且存储的返回值也是我自己定义的（以前默认存储的是登录名）；但是单独登录CAS server成功的，从client端访问就出现了找不到principal。...

OpenStack: OpenStack概述 OpenStack是一个免费开放源代码的云计算平台，用户可以将其部署成为一个基础设施即服务（Iaas）的解决方案。OpenStack不是一个单一的项目，而是由许多相关的项目组成，包括Nova、Swift、Keystone、...

单点登录(十六)-----遇到问题-----cas4.2.x登录成功后报错No principal was found---cas中文乱码问题完美...: 单点登录(十五)-----实战-----cas4.2.x登录mongodb验证方式实现自定义加密但是悲剧的是当用户名是中文名时或者获取的其他属性中有中文名时成功登录后报错No principal was found。javax.servlet.ServletException: ...

Greenplum安装: 一、安装环境介绍及配置准备工作 1.操作系统版本 centos7.4 2.Greenplum集群介绍这里使用1个master，2个segment的集群，ip为 192.168.92.128 192.168.92.131 192.168.92.132 其中192.168.92.128 为master，其余为...

解决 Zuul 中 OAuth2 报 unauthorized 错误: 问题描述微服务中使用 OAuth2 鉴权，直接访问正常，通过 Zuul 访问报错： ... "error_description": "Full authentication is required to access this resource" } 解决方法在 Zuul 中添加配置： zuul...

Spring Boot 整合Spring Security 和Swagger2 遇到的问题小结: How to configure Spring Security to allow Swagger URL to be accessed without authentication @Configuration public class WebSecurityConfiguration extends WebSecurityConfigurerA...

Authentication object is unavailable for use with @Secured after a few minutes idle: Caused by: org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext at org.springframework.security.access...

Get-AzureRmRoleAssignment : Object reference not set to an instance of an object.: d__0: No matching token was found in the cache Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 02/06/2018 16:26:58: 371c5ab5-3cad-46d5-8ec7-e3180a01514c - <runasync>d__0: Storing ...

The type 'Attribute' is defined in an assembly that is not referenced.: could not be found in the global namespace (are you missing an assembly reference?)\r\ne3s05cht.itf(70,49): error CS0234: The type or namespace name 'ViewFeatures' does not exist in the ...

error: not found: value sqlContext/import sqlContext.implicits._/error: not found: value sqlContext ...: error: not found: value sqlContext/import sqlContext.implicits._/error: not found: value sqlContext /import sqlContext.sql/Caused by: java.net.ConnectException: Connection refused ...

在spark中使用Hive报错error: not found: value sqlContext: <console>:16: error: not found: value sqlContext import sqlContext.implicits._ ^ <console>:16: error: not found: value sqlContext import sqlContext.sql ^ raini@biyuzhe:~$ spark-shell --jars /home...

Your cookie did not work: The requested name is valid, but no data of the requested type was found....: {0} System.Exception: Your cookie did not work: The requested name is valid, but no data of the requested type was found. at Jackett.Common.Indexers.IPTorrents.ApplyConfiguration(JToken configJson...

生产预警平台-问题汇总: 问题汇总问题1 Caused by: java.lang.AssertionError: assertion failed: Failed to get records for spark-executor-abcd1 test1 8 1 after polling for 512 at scala.Predef$.assert(Predef.scala:170) ...

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel 基础连接已经关闭: 未能为 SSL/TLS 安全通道建立信任关系方法一： 1,先加入命名空间： ...

jdk1.8 64位官方正式版 jdk-8u91-windows: jdk1.8 64位官方正式版 jdk-8u91-windows

C#入门必看实力程序100个: C#入门必看含有100个例字,每个例子都是针对C#的学习关键知识点设计的,是学习C#必须知道的一些程序例子,分享给大家，需要的可以下载

相关热词 c# 操作网页 c#xml获取子节点的值 c# 控件组 c# 文件拖放 c# for step c#读取shp文件 c# 多个if c#上传图片到安卓的接口 c#中得到控件 c# 浏览器打开调用