No security context bound to the current thread. on a Custom API Endpoint

alvin.katigbak · September 8, 2020, 10:08am

Hello, I created a custom API endpoint on top of our existing Cuba Project based on this example.

I was able to access the Controller, but when I tried to use an Entity inside, I get this error.

java.lang.SecurityException: No security context bound to the current thread

I know i can bypass this error by using com.haulmont.cuba.security.app.Authentication but I get this error when I try to build our project.

import com.haulmont.cuba.security.app.Authentication;
                                         ^
  symbol:   class Authentication
  location: package com.haulmont.cuba.security.app

I have no problem using this class inside core-module, but not inside web-module.

belyaev · September 8, 2020, 4:09pm

Hi,

Did you update the example with the latest CUBA version? The API has changed from CUBA 6 to CUBA 7, therefore you might have an issue with that.

Meanwhile you can try this example. It contains some extra libraries but also exposes custom REST API. Please let us know if you’ll have an issue with this example too.

alvin.katigbak · September 9, 2020, 3:04am

Hello Andrey,

Thank you for the response and the example. I created a new Controller and setup access to permitAll with method POST but I always get HTTP Status 403 – Forbidden error (no issue on GET).

How can I remove the authentication layer completely on Portal?

P.S. I still cannot use the Authentication class on portal module.

alvin.katigbak · September 9, 2020, 6:57am

Hello,

I was able to persist the Data to DB using the DataService class.

For the HTTP Error 403, I was able to solve it by adding
<http pattern="/myapi" security="none"/> in portal-security-spring.xml.

Thanks a lot

belyaev · September 9, 2020, 8:17am

Glad that you were able to solve it. Please refer to the REST API Security documentation to be able to protect your endpoints properly.

alvin.katigbak · September 9, 2020, 10:31am

Hello,

I am not sure if it should be on another thread. Since the Controller is created on portal-module instead of core-module, is there a way I can defined the property value in core app.properties and use in portal-module? If no, how can I define profile environment property file in portal-module?

belyaev · September 9, 2020, 11:28am

Core module should contain services only. All interactons (REST, UI) should be placed to portal or web module. Please note that you can put custom REST controllers to web module too.

If you want to use runtime profiles for in portal module, just create property file with $profile-portal-app.properties name, similar to $profile-app.properties in core and $profile-web-app.properties for web.

fermacomkz · July 27, 2022, 1:57pm

Hello!
I am using cuba 7.2.13 version.
I get this error: Request processing failed; nested exception is java.lang.SecurityException: No security context bound to the current thread

below my sample code

package com.sample.app.web.rest;

import com.haulmont.cuba.core.global.DataManager;
import com.haulmont.cuba.core.global.Metadata;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.inject.Inject;
import java.util.Map;

@RestController
@RequestMapping(“restController”)
public class RestController {

@Inject
protected DataManager dataManager;
@Inject
protected Metadata metadata;

@PostMapping("create")
public ResponseEntity<Map> create() {
    Person person = metadata.create(Person.class);
    person.setName("Johnny");
    dataManager.commit(person);
    return new ResponseEntity<>(HttpStatus.CREATED);
}

}