Announcement Announcement Module
Collapse
No announcement yet.
Problem Retrieving Token from Session Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem Retrieving Token from Session

    Hello,

    I've got an application that needs to know what user is logged in. First a user will be redirected to log into CAS, then when they perform a function, I'd like to attach that User to the resulting object created.
    How can my Spring MVC controller retrieve what user is logged in and put it in the model as RefData?
    I see how it might have something to do with the ContextHolder, but I'm not having any luck. Any help would be great.

    Thanks,
    James

  • #2
    Code:
    ((SecureContext) ContextHolder.getContext()).getAuthentication()

    Comment


    • #3
      Hey Ben,

      That is exactly what I thought it would be. I see that code in the authz tag library code. However, when I do it from my web controller, it returns null. <shrug> Any ideas?

      Thanks,
      James

      Comment


      • #4
        Hey,

        Okay, this code works. I was doing a slight variation. Thank you VERY much.

        Take care,
        James

        Comment


        • #5
          Well shoot,

          Okay, I'm confused on this ThreadLocal stuff in the context of CAS and Acegi. I can retrieve the Authentication object if I log in from a fresh Internet Explorer window. However, if I logoff of CAS and log in as another user, retrieving Authentication returns null.
          I know that CAS is working, because I have JSP pages that use the authz:authorize successfully. So it's as if I can retrieve it when the JSP is being generated, but I can't when I invoke my application facade from a web controller... UNLESS it is the first user logged in and hasn't logged out. <shrug> Any ideas?

          Thanks,
          James

          Comment


          • #6
            Okay, here's what I've got so far...

            When I first open a browser window, log in, and make a call to my controller, the ContextHolder.setContext() gets called. However, when I log out with the CAS logout servlet, I log back in, and I call the controller, the ContextHolder.setContext() is NOT getting called. <shrug>

            Thanks,
            James

            Comment


            • #7
              Okay, I'm getting closer....

              When I've first opened a browser and I invoke my controller, the AutoIntegrationFilter recognizes the Authentication object and calls ContextHolder.setContext(). This is called "extracted" at line 133 of AbstractIntegrationFilter:

              Code:
              // Populate authentication information
                          Object extracted = this.extractFromContainer&#40;request&#41;;
              
                          if &#40;extracted instanceof Authentication&#41; &#123;
                              if &#40;logger.isDebugEnabled&#40;&#41;&#41; &#123;
                                  logger.debug&#40;
                                      "Authentication added to ContextHolder from container"&#41;;
                              &#125;
              However, when I've logged off and log in again, this.extractFromContainer(request) returns null. So setContext() is never called.

              Upon further investigation, I see that it returns null becuase there is no ACEGI_SECURITY_AUTHENTICATION token associated with the httpRequest's session.

              -James

              Comment


              • #8
                Okay,

                After talking to myself here for a while, I figured out it was all a stupid error on my part. I didn't have my controller mapped from a secure context. :? I guess I got all caught up in the details.

                Thanks,
                James

                Comment

                Working...
                X