Announcement Announcement Module
Collapse
No announcement yet.
Putting Objects in the Session when Authentication Successfu Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Putting Objects in the Session when Authentication Successfu

    Hi,

    I have replaced my custom security in my web app with Acegi, and the authentication and security work a treat.

    However...

    When I had my manual solution, I was putting a collection of Integer objects in to the session (league Ids of which they are a member) after authentication. I could then display these in a drop down list on my web pages and let the user select a different league table to look at.

    Now when authentication is successful Acegi put an object in to the session, but how can I?

    What is the Acegi way :?:

    Martin

  • #2
    I'm not going to be able to help you, but I am wanting to do some session stuff. I was wondering how you are placing/retrieving information into/from the session.

    The application I'm working on sends out an email to vendor. I have a domain object called Purchase which has a Vendor object and has a collection of items. Could you suggest how I might place this information into the session?

    thanks in advance,
    Mike

    Comment


    • #3
      Subclass User, or write your own principal class that implements UserDetails, and include your collection of league IDs as a property of User. Then you can use something like
      Code:
      Set leagues = request.getUserPrincipal().getLeagues();

      Comment


      • #4
        It's odd to place a collection of items into the session. You'd generally be populating that into a model. If using Spring MVC, you'd put it into the ModelAndView returned by your controller.

        If you wanted to store leagus against the user, you'd probably make a LeagueGrantedAuthority that implements GrantedAuthority. In turn your AuthenticationDao would add the LeagueGrantedAuthority to UserDetails. You can then access them via SecurityContextHolder.getContext().getAuthenticati on().getAuthorities().

        Comment


        • #5
          If another property is added to a subclass of UserDetails, userId, for instance, how do you access it?
          SecurityContextHolder.getContext().getAuthenticati on().get???

          Comment


          • #6
            Originally posted by annbc
            SecurityContextHolder.getContext().getAuthenticati on().get???
            ((CustomUserDetails)SecurityContextHolder.getConte xt().getAuthentication().getPrincipal()).getMySpec ialProperty();

            Comment


            • #7
              Hey Ben,
              I got it the same way you proposed it, but I always get an ClassCastException.
              What is wrong?
              My Class:
              Code:
              package clara.bo.model;
              
              import net.sf.acegisecurity.GrantedAuthority;
              import net.sf.acegisecurity.UserDetails;
              
              /**
               * 
               */
              
              /**
               * @author Johannes.Hiemer
               *
               */
              
              public class AuthenticatedUser implements UserDetails {
              
              	public User currentUser;
              
              	/**
              	 * @return Returns the currentUser.
              	 */
              	public User getCurrentUser() {
              		return currentUser;
              	}
              
              	/**
              	 * @param currentUser The currentUser to set.
              	 */
              	public void setCurrentUser(User currentUser) {
              		this.currentUser = currentUser;
              	}
              
              	public boolean isAccountNonExpired() {
              		return false;
              	}
              
              	public boolean isAccountNonLocked() {
              		return false;
              	}
              
              	public GrantedAuthority[] getAuthorities() {
              		return null;
              	}
              
              	public boolean isCredentialsNonExpired() {
              		return false;
              	}
              
              	public boolean isEnabled() {
              		return false;
              	}
              
              	public String getPassword() {
              		return null;
              	}
              
              	public String getUsername() {
              		return null;
              	}
              	
              
              }
              Code:
              ((AuthenticatedUser)acegiContext.getAuthentication().getPrincipal()).getCurrentUser();
              Thanks a lot

              Regards Johannes

              Comment


              • #8
                Is your AuthenticationDao returning an instance of your AuthenticatedUser? Try doing a getClass().getName() instead of calling your custom property - it shoud be AuthenticatedUser if your configuration is correct.

                Comment

                Working...
                X