Announcement Announcement Module
Collapse
No announcement yet.
why am i getting authenticated:false; ? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • why am i getting authenticated:false; ?

    I had just upgraded to v.0.8.1 from 0.7.0. and i think i am doing something wrong or there are some things that i am not able to do. i am a total newbie!

    anyway, as my user logs into my application, i try to display the authentication details with this code:

    Code:
    SecureContext secureContext = ((SecureContext)ContextHolder.getContext());
    Authentication auth = secureContext.getAuthentication();
    and this is what i got:

    Code:
    auth=net.sf.acegisecurity.providers.User
    namePasswordAuthenticationToken@146df77: Username: net.sf.acegisecurity.providers.dao.User@1f93ace: Username: admin; Password: [PROTECTED]; Enabled: t
    rue; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password: [PROTECTED]; Authenticat
    ed: false; Details: net.sf.acegisecurity.ui.WebAuthenticationDetails@10278c5: RemoteIpAddress: 127.0.0.1; SessionId: 211FFC06B11AD5D02F7E803A7B310C1E;
     Granted Authorities: ROLE_ADMIN>
    i guess this means that the user was able to log on and as i try to use <authz> tags to display some portions of my jsp pages, they all work as i expected. however, the parth of the authentication details:
    Authenticated: false;
    still bothers me. i have reading thru some related topics to my problem in this forum, and have [possibly] tried every suggestions, i am still getting the same details.

    why is this happening? what can i do to fix it? i feel that this part is important (right?) any suggestions?

    Thanks in advance!

  • #2
    I asked Ben about this recently and here's what he said:

    Authentication.isAuthenticated() is use _solely_ in AbstractSecurityInterceptor. The original concept was that the view layer could query ContextHolder and figure out if at some stage in this invocation the Authentication it has obtained was actually checked against an AuthenticationManager.
    So you can safely forget about it .

    Luke.

    Comment


    • #3
      Luke,
      whew! i was really starting to worry there..thanks for for your reply. :wink:

      Comment

      Working...
      X