Announcement Announcement Module
Collapse
No announcement yet.
Get current user from session Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Get current user from session

    How do you get the currently logged in from the session object after you have logged in using the Acegi filters.

    Normally I would do like this:

    Code:
    HttpSession session = request.getSession();
    String userName = (String) session.getAttribute("USER_NAME");
    Then I'm using a session attribute that I've previously set.

    How do you do this with Acegi?

  • #2
    Hi Vator,

    First you have to write a class XXXAuthorizer which implements net.sf.acegisecurity.providers.dao.AuthenticationD ao and then once you override method public UserDetails loadUserByUsername(String username), you will get the username in this method. You also need to wire XXXAuthorizer into your acegi security.

    I hope this helps!

    Comment


    • #3
      AuthenticationProcessingFilter

      If you need an object for the user, try a AuthenticationProcessingFilter.
      Code:
      public class CustomAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
      
          protected void onSuccessfulAuthentication(HttpServletRequest req,
                                                    HttpServletResponse resp, Authentication auth) throws IOException {
      		super.onSuccessfulAuthentication(req, resp, auth);
              User user = (User) auth.getPrincipal();
              req.getSession().setAttribute("currentUser",user);
      
            }
      }
      With something like this in your context:
      Code:
      <bean id="authenticationProcessingFilter"
                class="com.mysite.webapp.filter.CustomAuthenticationProcessingFilter">
            <property name="authenticationManager" ref="authenticationManager"/>
            <property name="authenticationFailureUrl" value="/login.jsp?error=true"/>
            <property name="defaultTargetUrl" value="/"/>
            <property name="filterProcessesUrl" value="/j_security_check"/>
            <property name="rememberMeServices" ref="rememberMeServices"/>
          </bean>
      Last edited by tamewind; Feb 10th, 2008, 07:45 PM.

      Comment


      • #4
        Now I've done as told. My problem now is that I can't import the AuthenticationProcessingFilter. I get en error importing the file... I've referenced it in the acegiSecutrityContext file, so I guess the path is wrong or something... Can anyone help?

        Code:
        import db.User;
        import java.io.IOException;
        import javax.servlet.http.HttpServletRequest;
        import javax.servlet.http.HttpServletResponse;
        import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
        
        
        public class CustomAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
        
            protected void onSuccessfulAuthentication(HttpServletRequest req,
                                                      HttpServletResponse resp, Authentication auth) throws IOException {
        		super.onSuccessfulAuthentication(req, resp, auth);
                User user = (User) auth.getPrincipal();
                req.getSession().setAttribute("currentUser",user);
        
              }
        }

        acegisecurityContext file

        Code:
        <bean id="formAuthenticationProcessingFilter" class="filters.CustomAuthenticationProcessingFilter">
            <property name="authenticationManager" ref="authenticationManager"/>
            <property name="authenticationFailureUrl" value="/jsp/login.jsp?error=2"/>
            <property name="defaultTargetUrl" value="/regMenu.do"/>
            <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
          </bean>

        Comment


        • #5
          Why not simply use the SecurityContextHolder? That contains your current user and can be used from everywhere because it uses a ThreadLocal to store the user. If you don't want a dependency you could factor/design it out by putting it behind a facade that way you have 1 dependency.

          Code:
          SecurityContextHolder.getContext().getAuthentication().getPrincipal():

          Comment


          • #6
            I will try that out.

            I got some problems though importing the package org.acegisecurity.context.
            It's located in WEB-INF/lib/acegi-security-1.0.6 but it seems like I have to to set it in the classpath somewhere.

            I'm using Netbeans 6.0. Do you have any clue about how to do it?

            Comment


            • #7
              Originally posted by mdeinum View Post
              Why not simply use the SecurityContextHolder? That contains your current user and can be used from everywhere because it uses a ThreadLocal to store the user. If you don't want a dependency you could factor/design it out by putting it behind a facade that way you have 1 dependency.

              Code:
              SecurityContextHolder.getContext().getAuthentication().getPrincipal():
              This works great. Thanks mdeinum.

              Comment

              Working...
              X