Spring Security principal isn't fully populated after Tomcat restart
<p>My question, in short, is that following a server restart (my own local Tomcat), the Spring Security principal object is repopulated with every field (username, password, email, userType, etc.) <em>except</em> the user ID field.</p>

<p>I have the following User object which implements Spring's UserDetails object and also extends my own base object class:</p>

<pre><code>public class User extends BaseDomainObject implements UserDetails {
    private String username;
    private String emailAddress;
    private String password;
    // ... etc ...
}
</code></pre>

<p>(FYI, the User class has a constructor that accepts all fields except the ID (which is sneakily injected by Hibernate). There are no setters on this object. Not sure if that's important.)</p>

<p>The user ID field lives in the BaseDomainObject:</p>

<pre><code>class BaseDomainObject {
    protected Long id;

    public Long getId() {
        return id;
    }
}
</code></pre>

<p>Following a successful login, the principal is populated with the above user details (including the ID) and everything is happy. This is confirmed by the following log output (which includes a toString representation of the User class above in the form User[id,username,emailAddress]):</p>

<pre><code>2011-07-26 11:50:25,188 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@5e8fac5a: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@5e8fac5a: Principal: User[1,test,test@test.com]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@255f8: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 450FFF87C04098ECC58C2E0829D21D69; Granted Authorities: ROLE_USER, ROLE_CUSTOMER'
</code></pre>

<p>However, following a server restart, the same log output looks like this:</p>

<pre><code>2011-07-26 11:52:28,355 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@729a68c9: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@729a68c9: Principal: User[null,test,test@test.com]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@255f8: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 450FFF87C04098ECC58C2E0829D21D69; Granted Authorities: ROLE_USER, ROLE_CUSTOMER'
</code></pre>

<p>I should reiterate that there are other fields on the User class (not in the base class) that are also populated successfully. Basically everything except ID.</p>

<p>Does Spring Security invoke the User constructor when setting fields? Admittedly I never really thought about "how" Spring repopulates the rest of the fields - perhaps that's my issue? I really didn't want to expose the ID field with a setter / in the constructor. In fact, adding ID to the constructor doesn't do anything.</p>

<p>Thanks for any assistance.</p>
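Added example, not part of the original post or of Spring Security: a minimal reproduction of the symptom described above, assuming the restarted Tomcat restored the session through Java serialization (the post does not say so). Java serialization skips fields declared in a non-Serializable superclass and runs that superclass's no-arg constructor instead, so only the inherited `id` is lost. `SerializableBase`, `FixedUser` and `roundTrip` are hypothetical names, and `Serializable` stands in for `UserDetails`, which extends it.

```java
import java.io.*;

public class PrincipalRoundTrip {

    // As in the post: the superclass does not implement Serializable.
    static class BaseDomainObject {
        protected Long id;
    }

    // Hypothetical variant for comparison: the same base, made Serializable.
    static class SerializableBase implements Serializable {
        protected Long id;
    }

    // java.io.Serializable stands in for UserDetails, which extends it.
    static class User extends BaseDomainObject implements Serializable {
        final String username, emailAddress;
        User(Long id, String username, String emailAddress) {
            this.id = id; this.username = username; this.emailAddress = emailAddress;
        }
        @Override public String toString() {
            return "User[" + id + "," + username + "," + emailAddress + "]";
        }
    }

    static class FixedUser extends SerializableBase {
        final String username, emailAddress;
        FixedUser(Long id, String username, String emailAddress) {
            this.id = id; this.username = username; this.emailAddress = emailAddress;
        }
        @Override public String toString() {
            return "FixedUser[" + id + "," + username + "," + emailAddress + "]";
        }
    }

    // Serialize to bytes and back, as a container does when it persists sessions.
    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; id is passed in only to simulate Hibernate.
        System.out.println(roundTrip(new User(1L, "test", "test@test.com")));
        System.out.println(roundTrip(new FixedUser(1L, "test", "test@test.com")));
    }
}
```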
 
