Announcement Announcement Module
Collapse
No announcement yet.
How to add my application's user object to the Acegi User class as an attribute Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to add my application's user object to the Acegi User class as an attribute

    Hi,

    I am trying without much success to integrate my application's pre-existing user object to the Acegi's User class as a property. I need to be able to access my application's user object from the Acegi User class because it contains properties that are unique to our application.

    So far, users can log into the web application and are authenticated against our database (I was able to figure out how to extend a couple of the Acegi classes to enable them to work with our db schema). The main problem is that now that they're logged in, I need to access additional information about them such as first and last name, postal code, etc all of which are not stored in the Acegi User class, but are stored in our application's user object on the session.

    So...

    I created a "CustomUser" class that implements the UserDetails interface. I pretty much copied all the source code from the Acegi User class provided and simply added my application's user object as an instance variable (complete with a getter and a setter).

    I also extended the JdbcDaoImpl class (we'll call it "CustomJdbcDaoImpl") and overrode the UsersByUsernameMapping inner class's "mapRow" method to return the CustomUser class instead of the default Acegi User class. BUT, before I return my CustomUser object I need to SET my application's user object onto it. My application's user object is only available via the session. I have NO idea how to get it off the session within my CustomJdbcDaoImpl class because I don't see any way to access the request, session, or any other context there.

    I am new to Spring and Acegi and well, pretty new to Java web apps too. I am afraid that I am going about this all wrong - from the documentation and the other posters it seems like everyone knows where to extend the default libraries to make everything play nice. The hardest part for me right now is that I am the only coder at my company doing anything with Spring or Acegi (and I'm the least experienced Java developer) so I don't have much in terms of resources for Spring or Acegi related stuff. As for the Java stuff I do have resources but sometimes I don't even know which questions to ask. So, if anyone has found any helpful resources or tutorials that they would like to pass on, I would be forever grateful. And, hopefully, I'll be able to get a bit more direction on the stuff I outlined above from this list.

    Thanks for your time!!!

  • #2
    Looks like you are on the right track to me.

    I just recently did this in our project. I created my own UserDetailsService (MyCustomUserDetailsService implements UserDetailsService).

    In your loadUserByUsername(String username) method, get your own custom User implementation.

    For User implementation I created an interface MyCustomUserDetails extends UserDetails and put in my own custom stuff. Then create an implementation of MyCustomUserDetails. Here too; I mainly nicked the User implementation code.

    I did not go the route of extending the Jdbc thing. Although my MyCustomUserDetailsService delegates to an injected collaborator which is actually a MappingSqlQuery. So you'd have full reign how that works.

    PS: Don't worry, I have a lot of Java experience but IoC, Spring, Unit-testing is relatively new to me too. For what its worth, my advice, this is where you wanna be. I'll never go back.

    Comment


    • #3
      If your user object implements UserDetails you should be able to access it in any tier using SecurityContextHolder.getContext().getAuthenticati on(). I'm doing so without any problem to get access to certain attributes that are used to filter searches based on a user's privaleges in my dao layer. I posted a similar thread yesterday: http://forum.springframework.org/showthread.php?t=26912 about the LdapUserDetails and hoping for an answer soon!

      Regards
      Alan

      Comment

      Working...
      X