Announcement Announcement Module
Collapse
No announcement yet.
how to get user info from session? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • how to get user info from session?

    i select WebWork as my web framework, i want to know if i can get user detail info from session. I woder where can i process in this situation.thanks

  • #2
    SecureContext.getAuthentication().getPrincipal().g etUserName()

    Comment


    • #3
      Don't forget to cast:

      Code:
      ((UserDetails) ((SecureContext) ContextHolder.getContext()).getAuthentication().getPrincipal()).getUsername();

      Comment


      • #4
        How can I know to Cast to UserDetails? Where to define it?

        Originally posted by Ben Alex
        Don't forget to cast:

        Code:
        ((UserDetails) ((SecureContext) ContextHolder.getContext()).getAuthentication().getPrincipal()).getUsername();

        Comment


        • #5
          Generally people use DaoAuthenticationProvider with Acegi Security, which puts the UserDetails returned by the AuthenticationDao into the Authentication object. If you have a look at the JavaDocs for the DaoAuthenticationProvider and AuthenticationDao, where the UserDetails comes from will make a lot more sense.

          Comment


          • #6
            Hi All,

            Ok, it's really easy to retrieve the UserDetails. But I want to write an app that isn't too much coupled with Spring.

            Is there another way to retrieve the UserDetail from the session ? Maybe with something like
            Code:
            HttpSession session = request.getSession();
            session.getAttribute("SPRING_USER_DETAILS");
            I have seen that the session has an attribute "SPRING_SECURITY_CONTEXT" of type org.springframework.security.context.SecurityConte xtImpl, is it bad to retrieve the context from the session ?

            If it is, why is it ? If it isn't is there a way to externalize that key ?


            Edit : Actually I have written a static method into a personnal AuthorizationManager
            Code:
            public static User getPrincipal(HttpSession session) {
              // Do nothing with the session because Spring give us a better way to retrieve the principal
              return (User) ((SecurityContext) 
                SecurityContextHolder.getContext()).getAuthentication().getPrincipal();
            }
            , so if later my boss tell me to remove Spring from the project I have juste to rewrite this method. But I don't really like that.
            Last edited by blaiseg; Oct 24th, 2008, 10:02 AM. Reason: What I do actually

            Comment


            • #7
              public static User getPrincipal(HttpSession session) {
              // Do nothing with the session because Spring give us a better way to retrieve the principal
              return (User) ((SecurityContext)
              SecurityContextHolder.getContext()).getAuthenticat ion().getPrincipal();
              }
              thanks blaiseg. It works fine. you rescued me

              Comment

              Working...
              X