java - Spring Boot - Authentication null

Question

I have a link on my home page that leads to users posts page. It is visible only if user is logged in. Currently I'm getting

Cannot invoke "org.springframework.security.core.Authentication.getPrincipal()" because "auth" is null

when I try to get on homepage as a guest. I understand that Authentication requires a logged in user, but how exactly can I handle that exception or is there a better way to do it?

My controller

...
@GetMapping("/home")
public String home (Model model, Authentication auth) {

    UserPrincipal userPrincipal = (UserPrincipal) auth.getPrincipal();
    User user = userPrincipal.getUser();

    model.addAttribute("user", user);
    model.addAttribute("listPosts", postService.getAllPosts());

    return "home";
}
...

Link in my thymeleaf view

<li><a th:href="@{/{username}/posts (username = ${user.username})}" sec:authorize="isAuthenticated()">My posts</a></li>

Thanks

question from:https://stackoverflow.com/questions/65877874/spring-boot-authentication-null

Answer 1

You need to determine if the Authentication is present first:

public String home (Model model, Authentication auth) {
    if (auth != null && auth instanceof UserPrincipal) {
        UserPrincipal userPrincipal = (UserPrincipal) auth.getPrincipal();
        model.addAttribute("user", userPrincipal.getUser());
    }

    model.addAttribute("listPosts", postService.getAllPosts());

    return "home";
}

But then you would need to also handle the user coming through as null in the thymeleaf template.

You could leave it as null or inject a 'Guest' User object if not present to handle it that way.