  • Reload/Update custom UserDetails without logging out

    I'm using Spring Security 3 with CAS to manage my authentication.

    I have a requirement where I need to update my custom UserDetails object. This currently holds the authorities and user information like name, address etc.

    Is there a way to modify the UserDetails object and reload it in the context without forcing the user to log in again?

  • #2
    I would think all you'd have to do is call loadUserDetails from user UserDetailsService. Maybe the only other piece to it is to update the Authentication object that's in the security context holder. But I'm not quite clear on that part of it. Luke, et al, am I on the right track?


    • #3
      Here's a blog about doing this:

      http://blog.lourish.com/2010/03/10/u...ity-in-grails/

      Following on from my post on how to log in a user using the Grails Acegi/Spring Security plugin I stumbled into a new use for the same code when I tried to update a user’s own details while logged in. The security plugin caches the user’s domain object so any changes are not seen until the next login (wholly unhelpful when you’re trying to implement account management on a Website!).
      It's from a Grails perspective, but the concept should be the same.


      • #4
        Originally posted by djKianoosh
        I would think all you'd have to do is call loadUserDetails from user UserDetailsService. Maybe the only other piece to it is to update the Authentication object that's in the security context holder. But I'm not quite clear on that part of it. Luke, et al, am I on the right track?
        Thanks djKianoosh.

        I did try calling loadUserDetails(), but it does not update the userdetails object in the securitycontext. Will look into the Grails implementation and get back...


        • #5
          Originally posted by djKianoosh
          Here's a blog about doing this:

          http://blog.lourish.com/2010/03/10/u...ity-in-grails/



          It's from a Grails perspective, but the concept should be the same.
          The blog uses a simple new UsernamePasswordAuthenticationToken() to update the user. But in my case, I use CAS and I do not think I can get/modify a CasAuthenticationToken to hold the updated userdetails.

          Any pointers on how I can go about it?


          • #6
            You can store any implementation of the Authentication interface you want in the SecurityContext. It doesn't have to be a CasAuthenticationToken.


            • #7
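              I don't use CAS, but if it's like any other PreAuth scenario, you can use PreAuthenticatedAuthenticationToken instead of UsernamePasswordAuthenticationToken.

              Something like:
              Code:
              import org.springframework.security.core.Authentication;
              import org.springframework.security.core.userdetails.User;
              import org.springframework.security.core.userdetails.UserDetails;
              import org.springframework.security.core.userdetails.UsernameNotFoundException;
              import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

              // Method of an AuthenticationUserDetailsService implementation;
              // logger and getRoles(String) are members of the enclosing class.
              @Override
              public UserDetails loadUserDetails(Authentication token) throws UsernameNotFoundException {
              	final PreAuthenticatedAuthenticationToken userToken = (PreAuthenticatedAuthenticationToken) token;
              	// Resolve the username first so it can be logged.
              	String username = userToken.getName();
              	logger.debug("Loading userDetails for " + username);
              	String password = (String) token.getCredentials();
              	return new User(username, password, true, true, true, true, getRoles(username));
              }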


              • #8
                Originally posted by Luke Taylor
                You can store any implementation of the Authentication interface you want in the SecurityContext. It doesn't have to be a CasAuthenticationToken.
                Hi Luke,

                I tried to set my updated userdetails in the authentication object to do something like this..

                SecurityContextHolder.getContext().setAuthentication(new someAuthentication());

                Since I use Cas, I thought I would need to use a CasAuthenticationToken.

                Let me know if I'm on the right path to add the updated userDetails to securityContext.
                Last edited by hprasanna84; Apr 14th, 2010, 05:43 PM.


                • #9
                  That should be fine. Are you replacing the Authentication object that is already there? Or just updating the UserDetails attached to it?

                  Take care when replacing that you don't inadvertently introduce a security risk.

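
One way to do what posts #6 to #9 describe, as an added example that is not code from the thread or from Spring Security itself: reload the UserDetails for the user already in the SecurityContext and replace the Authentication with a PreAuthenticatedAuthenticationToken, with checks that keep the swap from changing identity or keeping a disabled account logged in. The class name `CurrentUserRefresher` and its method are hypothetical; it assumes Spring Security 3 on the classpath and an existing `UserDetailsService`.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/** Hypothetical helper; the name and design are assumptions, not from the thread. */
public class CurrentUserRefresher {

    private final UserDetailsService userDetailsService;

    public CurrentUserRefresher(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /** Reloads the logged-in user's UserDetails and swaps it into the SecurityContext. */
    public UserDetails refreshCurrentUser() {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();

        // Only refresh a session that already passed authentication (for example via CAS).
        // AnonymousAuthenticationToken reports isAuthenticated() == true, so test it explicitly.
        if (current == null || !current.isAuthenticated()
                || current instanceof AnonymousAuthenticationToken) {
            throw new IllegalStateException("No authenticated user to refresh");
        }

        // The name comes from the existing Authentication, never from request input,
        // so this method cannot be used to switch the session to another account.
        String username = current.getName();
        UserDetails fresh = userDetailsService.loadUserByUsername(username);
        if (!username.equals(fresh.getUsername())) {
            throw new IllegalStateException("Reloaded principal does not match session user");
        }

        // Drop the current authentication if the account was disabled or locked meanwhile.
        if (!fresh.isEnabled() || !fresh.isAccountNonLocked()
                || !fresh.isAccountNonExpired() || !fresh.isCredentialsNonExpired()) {
            SecurityContextHolder.clearContext();
            throw new IllegalStateException("Account is no longer active");
        }

        // The three-argument constructor marks the token as authenticated.
        PreAuthenticatedAuthenticationToken updated = new PreAuthenticatedAuthenticationToken(
                fresh, current.getCredentials(), fresh.getAuthorities());
        updated.setDetails(current.getDetails()); // carry over the original request details
        SecurityContextHolder.getContext().setAuthentication(updated);
        return fresh;
    }
}
```

After the swap the Authentication is no longer a CasAuthenticationToken, so any code that casts to that type (for example to read the CAS assertion) needs to handle the new token type.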
