1

Topic: Spring: @PreAuthorize and "An Authentication object was not fo

Greetings. There is the skeleton of application written on Spring Boot + Spring Security. At access attempt to the controlers, protected with the help @PreAuthorize, the following exception which leads to generation of answer HTTP 500 is thrown out: org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext at org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound (AbstractSecurityInterceptor.java:379) ~ [spring-security-core-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation (AbstractSecurityInterceptor.java:223) ~ [spring-security-core-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke (MethodSecurityInterceptor.java:65) ~ [spring-security-core-4.2.1.RELEASE.jar:4.2.1.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed (ReflectiveMethodInvocation.java:179) ~ [spring-aop-4.3.5.RELEASE.jar:4.3.5.RELEASE] at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept (CglibAopProxy.java:656) ~ [spring-aop-4.3.5.RELEASE.jar:4.3.5.RELEASE] at foo.bar.baz.controllers.AuthenticationController$$EnhancerBySpringCGLIB$$6e90741e.getSelf (<generated>) ~ [classes/:na] at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) ~ [na:1.8.0_65] at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) ~ [na:1.8.0_65] at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) ~ [na:1.8.0_65] at java.lang.reflect. Method.invoke (Method.java:497) ~ [na:1.8.0_65] at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke (InvocableHandlerMethod.java:220) ~ [spring-web-4.3.5.RELEASE.jar:4.3.5.RELEASE] at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest (InvocableHandlerMethod.java:134) ~ [spring-web-4.3.5.RELEASE.jar:4.3.5.RELEASE] at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle (ServletInvocableHandlerMethod.java:116) ~ [spring-webmvc-4.3.5.RELEASE.jar:4.3.5.RELEASE] at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod (RequestMappingHandlerAdapter.java:827) ~ [spring-webmvc-4.3.5.RELEASE.jar:4.3.5.RELEASE] at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal (RequestMappingHandlerAdapter.java:738) ~ [spring-webmvc-4.3.5.RELEASE.jar:4.3.5.RELEASE] at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle (AbstractHandlerMethodAdapter.java:85) ~ [spring-webmvc-4.3.5.RELEASE.jar:4.3.5.RELEASE] at org.springframework.web.servlet.DispatcherServlet.doDispatch (DispatcherServlet.java:963) ~ [spring-webmvc-4.3.5.RELEASE.jar:4.3.5.RELEASE] at org.springframework.web.servlet.DispatcherServlet.doService (DispatcherServlet.java:897) ~ [spring-webmvc-4.3.5.RELEASE.jar:4.3.5.RELEASE] at org.springframework.web.servlet.FrameworkServlet.processRequest (FrameworkServlet.java:970) [spring-webmvc-4.3.5.RELEASE.jar:4.3.5.RELEASE] at org.springframework.web.servlet.FrameworkServlet.doGet (FrameworkServlet.java:861) [spring-webmvc-4.3.5.RELEASE.jar:4.3.5.RELEASE] at javax.servlet.http. HttpServlet.service (HttpServlet.java:622) ~ [tomcat-embed-core-8.5.6.jar:8.5.6] How much I remember as should work Spring Security in this case, I could register the filter generating HTTP 401 approximately thus: @Configuration @EnableWebSecurity class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {... @Override protected final void configure (final HttpSecurity httpSecurity) throws Exception {httpSecurity.addFilterBefore (authenticationTokenProcessingFilter (), UsernamePasswordAuthenticationFilter.class);}...} But for any reason business does not reach at all to the filter. Nevertheless, if in tests to annotate tests @WithMockUser @PreAuthorize works perfectly. After long searches and a spelling even soldering in which I, unfortunately, did not manage to repeat a problem, I can only  tell that the problem arises only even if at "a bare" configuration is present @EnableGlobalMethodSecurity with prePostEnabled=true. I can not disconnect - @PreAuthorize it is vitally necessary. Spending for nothing some weeks, I will not put mind, as it works in other units without problems, and here - is not present. Met judgements that is not registered and does not work springSecurityFilterChain, but, again, before such never met and generally I find it difficult to search now for something on this question. There are following dependences: org.springframework.boot:spring-boot-dependencies:1.4.3.RELEASE:pom org.springframework.boot:spring-boot-starter-web:1.4.3.RELEASE org.springframework.security:spring-security-config:4.2.1.RELEASE org.springframework.security:spring-security-core:4.2.1.RELEASE org.springframework.security:spring-security-web:4.2.1.RELEASE In advance thanks for any  or a kick in the necessary direction. Edit 1 in a production-mode all works perfectly. It explains, why  worked excellently, but does not explain, where at me jambs in a configuration of tests.

2

Re: Spring: @PreAuthorize and "An Authentication object was not fo

As it appeared, all is simple enough. Presence of summaries in tests yet does not guarantee correct operation of these tests. Everything that it is necessary to add, that it wonderfully earned, a line which configures MockMvc (which I, certainly, did not mention in a question because thought that a problem exceptional in Java-configurations): mvc = webAppContextSetup (webApplicationContext).apply (springSecurity ())//did not work in the absence of this line.build (); It is a pity that because of a carelessness killed so much time. I hope, my error nobody repeats.