How/where can I manage Authentication at SecurityContext in pre-authentation Scenario

I wonder how/where can I manage Authentication at SecurityContext in pre-authentation Scenario.

I am using spring security 2.x to implement pre-authentation Scenario in my project. now, it patially work.

After user login by pre-authentation process, they can be authrozied with relevant roles, and are able to acecess resources which defined in security:filter.

e.g.

<security:filter-invocation-definition-source lowercase-comparisons="true" path-type="ant">
      <security:intercept-url pattern="/resource/**" access="ROLE_ADMIN" />

In a some controller, I want to check principal in security content.

public abstract class AbstractUserAuthenticationController extends AbstractController
{
    protected boolean isAuthenticated(String userName)
    {   
        Object obj = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); // where issue come up

But SecurityContextHolder.getContext().getAuthentication() always return null.

In addition, I also can not use secuiry tag in jsp to check if user has relative roles

<security:authorize ifNotGranted="ROLE_ADMIN">

 no role found

</security:authorize>

Below shows the "filterChainProxy" I am using.

    <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
      <property name="filterInvocationDefinitionSource">
        <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT 
          /*subscri*=httpSessionContextIntegrationFilter,logoutFilter,j2eePreAuthenticatedProcessingFilter,securityContextHolderAwareRequestFilter,subscribeExceptionTranslationFilter,filterInvocationInterceptor      
          /**=httpSessionContextIntegrationFilter,logoutFilter,j2eePreAuthenticatedProcessingFilter,logoutFilter,rememberMeProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
        </value>
      </property>
    </bean>


 <bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
     <property开发者_运维问答 name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService" />
  </bean>

<bean id="preAuthenticatedUserDetailsService" class="demo.project.security.auth.RsaAuthenticationUserDetailsService" >
   <property name="userService" ref="userService" />
</bean>

<bean id="j2eePreAuthFilter" class="demo.project.security.filter.AutoLoginFilter">
  <property name="authenticationManager" ref="authenticationManager" /> 
  <property name="userService" ref="userService" />
</bean>

I think I need to set Authentication to SecurityContext in somewhere, But I do not know where/where.

What I am missing? Can anyone provide me some clues?

Thanks！

Ian

You should use SecurityContextHolder.setContext method to store your SecurityContext prior to getting it back.

The simplest way for doing this is just SecurityContextHolder.setContext(new SecurityContextImpl()).