Announcement Announcement Module
Collapse
No announcement yet.
securityContext.getAuthentication().getPrincipal() sometimes returns String in 1.0 Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • securityContext.getAuthentication().getPrincipal() sometimes returns String in 1.0

    I have the following code in a UserCounterListener that implements ServletContextListener and HttpSessionAttributeListener.

    Code:
        public void attributeAdded(HttpSessionBindingEvent event) {
            if (event.getName().equals(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)) {
                SecurityContext securityContext = (SecurityContext) event.getValue();
                User user = (User) securityContext.getAuthentication().getPrincipal();
                addUsername(user);
            }
        }
    For some reason, securityContext.getAuthentication.getPrinciple() returns a String (sometimes) in 1.0. For example, if I deploy my application to Tomcat and run "ant test-canoo" to run all my Canoo WebTests, everything works fine. However, if I use Cargo to start my server, then run all the tests, it fails with:

    Code:
    Session attribute event listener threw exception
    java.lang.ClassCastException: java.lang.String
            at org.appfuse.webapp.listener.UserCounterListener.attributeAdded(UserCounterListener.java:114)
            at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1311)
            at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:129)
            at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:245)
    I don't have forcePrincipalAsString set to true (as I did in http://forum.springframework.org/sho...d.php?t=19858), but I'm assuming setting it to false would not help things?

  • #2
    Removing logoutFilter fixes the problem

    For some reason, removing logoutFilter solves this problem for me.

    Comment


    • #3
      This is probably a dumb question, but what the hell...

      Line 114 indicated in the strack trace is the User cast and not the SecurityContext cast correct?

      The only relation I see between your issue and the LogoutFilter is the clearing of the SecurityContext. That's why I ask...

      Comment


      • #4
        Originally posted by RayKrueger
        This is probably a dumb question, but what the hell...

        Line 114 indicated in the strack trace is the User cast and not the SecurityContext cast correct?

        The only relation I see between your issue and the LogoutFilter is the clearing of the SecurityContext. That's why I ask...
        Correct, the cast to User is failing because securityContext.getAuthentication().getPrincipal() is returning a String. This issue seems to be caused by me trying to modify my applicationContext-security.xml to closely match the less-lines-of-code version from acegi-security-sample-tutorial. My applicationContext.xml is located at:

        http://fisheye5.cenqua.com/browse/~r...t-security.xml

        Comment


        • #5
          I'm going to reply to your consolidated thread...
          http://forum.springframework.org/showthread.php?t=25512

          Comment

          Working...
          X