Announcement Announcement Module
No announcement yet.
issue when using Acegi with Sitemesh Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • issue when using Acegi with Sitemesh

    I have a Sitemesh jps template that has rendering logic based on the authenticated users' role. However the ace context is not available to the template jsp. ie ContextHolder.getContext() returns null.

    After doing some further investigation, I think I figured out whats happening. Sitemesh processes the output of the rendered jsp and decorates it based on the template jsp. However this decoration takes place in a separate thread where the Acegi Context is not present in the ThreadLocal variable of the Sitemesh processing thread. I think this issue might also come up in other situations as some web containers process included jsp's in separate threads.

    To work around this problem I add the Acegi Context as a session attribute on a successful login. This way I have access to the Context from any thread. Do you see any disadvantages to this approach? The Context will not be available globally to the web app however the user has already been authenticated so it seems okay.

    btw great job. Acegi rocks!


  • #2
    I see no problems with using HttpSession, although don't forget you could just read the session attribute known by HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHEN TICATION_KEY.

    As per the JavaDocs for HttpSessionIntegrationFilter, using the setAdditionalAttributes(List) method allows you to also automatically copy the Authentication to additional HttpSession attributes. This is useful if you have a Servlet etc that expects a Principal to be available from a particular HttpSession attribute. It won't be of any help to you in this case, but I thought I'd mention its existence whilst on the subject of HttpSessions.