Announcement Announcement Module
No announcement yet.
Can't receive custom UserDetails impl with RemoteAuthenticationManagerImpl Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can't receive custom UserDetails impl with RemoteAuthenticationManagerImpl

    I'm working on client-server app with swing ui, and use Spring Remoting and Acegi. On the client side I do the following to authenticate user:
    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userName, password);
    Authentication populatedAuthentication = authManager.authenticate(authentication);
    When I use
    UserVo principal = (UserVo) securityContext.getAuthentication().getPrincipal();
    I receive String with user's name instead of my implementation of UserDetails. But when I start my app locally (without Spring remoting, RemoteAuthenticationManagerImpl, etc) it works fine, i.e. returns UserDetails implementation.

    Is this is limitation of HttpSessionContextIntegrationFilter, or I'm doing something wrong?

  • #2
    Sorry, I've missed following notes in org.acegisecurity.providers.rcp.RemoteAuthenticati onManager javadoc:
    In order to maximise remoting protocol compatibility, a design decision was taken to operate with minimal arguments and return only the minimal amount information required for remote clients to enable/disable relevant user interface commands etc.
    So, if you use RemoteAuthenticationManager you can't get your UserDetails implementation on the client side, only array of GrantedAuthority.


    • #3
      If remoting protocols offered better serialization support it would be easier. If you have a fairly good serialization-based remoting protocol, you could replace the RemoteAuthenticationManager implementation to return UserDetails instead of GrantedAuthority[].