Java getPrincipal（）方法返回匿名用户_Java_Web Services_Spring Security_Roles

Java getPrincipal（）方法返回匿名用户

java web-services spring-security

Java getPrincipal（）方法返回匿名用户,java,web-services,spring-security,roles,Java,Web Services,Spring Security,Roles,我正在尝试通过spring安全方法获取连接的用户 public static User getConnectedUser() { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); User currentUser=auth.getPrincipal(); } 当我使用postman从webservice get方法调用此方法时，即使我已登录，它也会返回anonymousUs

我正在尝试通过spring安全方法获取连接的用户

public static User getConnectedUser() {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    User currentUser=auth.getPrincipal();
}

当我使用postman从webservice get方法调用此方法时，即使我已登录，它也会返回anonymousUser。以下是我的spring安全配置：

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/app/admin/**" access="hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/app/passwordHint*" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_ANONYMOUS')"/>
    <intercept-url pattern="/app/requestRecoveryToken*" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_ANONYMOUS')" />
    <intercept-url pattern="/app/updatePassword*" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_ANONYMOUS')" />
    <intercept-url pattern="/app/signup*" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_ANONYMOUS')"/>
    <intercept-url pattern="/app/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/>
    <form-login login-page="/login" authentication-failure-url="/login?error=true" login-processing-url="/j_security_check"/>
    <remember-me user-service-ref="userDao" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
    <custom-filter ref="ajaxTimeoutRedirectFilter" after="EXCEPTION_TRANSLATION_FILTER"/>
</http>

您的

拦截url

都不匹配，因为您的路径以

服务

开始，而不是以

应用程序

开始

如果您的上下文根目录是

myApp

，则您的配置应为：

<intercept-url pattern="/services/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/>

即使使用此

？

<intercept-url pattern="/services/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/>