This topic is closed

  • Question about Authentication.isAuthenticated

    Hi,
    I am a newbie to Acegi and have a question about Authentication.isAuthenticated.

    I have written a custom class called MySecurityDAO that implements PasswordAuthenticationDAO. I was able to link this with passwordDaoAuthenticationProvider and then use the Acegi http form authentication/authorization to validate users.

    I am using Acegi 0.8.3 and therefore had to write custom code so that I can prevent authentication for each request (without using the cache).

    I use the following piece of code to check if the user was authenticated earlier.


    Code:
    // Try NOT to authenticate again if already authenticated and is not
    // authenticated as ROLE_ANONYMOUS
    if ((SecureContextUtils.getSecureContext() != null)
            && (SecureContextUtils.getSecureContext()
                    .getAuthentication() != null)
            && (SecureContextUtils.getSecureContext()
                    .getAuthentication().isAuthenticated())
            && (SecureContextUtils.getSecureContext()
                    .getAuthentication().getDetails() != null)) {

        userProfile = (UserProfile) SecureContextUtils
                .getSecureContext().getAuthentication().getPrincipal();

        log.debug("Previously authenticated : Returning UserProfile"
                + " from the Authentication object : username ="
                + userProfile.getUsername());
        return userProfile;

    }

    UserProfile is a custom object that implements the UserDetails interface from Acegi.

    What I am seeing is that Authentication.isAuthenticated() gets set only after the second successful authentication.

    Here is the scenario
    1) I log in using the /j_acegi_security_check URL with a form post
    2) My custom class gets called.
    3) It goes to the backend, authenticates the user and adds appropriate roles to UserProfile
    4) Then the webapp redirects the user to the main page
    5) My custom class gets called again. When I check isAuthenticated(), I get false and therefore I go to the backend for a second time and repeat the steps in step 3
    6) From the next time onwards, isAuthenticated returns true

    I also tried doing the following; however, this does not seem to help.

    Code:
    // Setting the Authenticated flag to true in Acegi
    // SecureContext Authentication object
    SecureContextUtils.getSecureContext().getAuthentication()
            .setAuthenticated(true);

    Any ideas on what I might be doing wrong?

    Why is my custom class getting called for the URL /j_acegi_security_check? Is this correct? I thought the Acegi filter would handle this URL?



    Thanks
    Mandar

  • #2
    Invalid links

    Hi,
    I found these links in one of the other threads

    http://forum.springframework.org/showthread.php?t=9776
    http://forum.springframework.org/showthread.php?t=11104

    Can we get new pointers to these links so that I can read the thread contents?

    Thanks
    Mandar
    Last edited by robyn; May 14th, 2006, 04:56 PM.


    • #3
      Mandar, the code you mention has been extensively refactored in 1.0.0 RC1, so I would urge you to upgrade to this newer release. Acegi Security out-of-the-box supports Authentication.isAuthenticated() handling, and PasswordAuthenticationDao has been deprecated and removed.


      • #4
        Ben,

        We are using version 0.9.0 now.

        Planning to upgrade to 1.0 RC1 soon.

        Thanks
        Mandar
