Announcement Announcement Module
Collapse
No announcement yet.
Support for Principal object in AbstractPreAuthenticatedProcessingFilter Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Support for Principal object in AbstractPreAuthenticatedProcessingFilter

    Hi there

    I noticed that the AbstractPreAuthenticatedProcessingFilter provides a nice way for customization by retrieving principal and credential from some sort of context:

    protected abstract Object getPreAuthenticatedPrincipal(HttpServletRequest request);
    protected abstract Object getPreAuthenticatedCredentials(HttpServletRequest request);

    Unfortunately, the following lines enforce that the returned object is of type String:

    private boolean requiresAuthentication(HttpServletRequest request) {
    ...
    Object principal = getPreAuthenticatedPrincipal(request);

    if (currentUser.getName().equals(principal)) {
    return false;
    }
    ...

    If the principal is of type "String" we can use this kind of comparism, if it's of type Principal, we could use this:

    if (currentUser.getName().equals(principal.getName()) ) {
    return false;
    }

    or

    if (currentUser.equals(principal)) {
    return false;
    }

    What do you think?

    Thanks
    Oli
Working...
X