request.getUserPrincipal().getName() doesn't return username
This topic is closed

  • request.getUserPrincipal().getName() doesn't return username

    I'm trying to port an application that's using CMA to use Acegi. There are many places in the code where the following syntax is used:

    Code:
    Principal principal = request.getUserPrincipal();
    String username = principal.getName();
    With CMA, this returns "mraible" (my login name). However, with Acegi, it returns:

    Code:
    userName= "net.sf.acegisecurity.providers.dao.User@a8eaf3: Username: mraible; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: editor"
    This happens with Acegi 0.8.3 and Spring 1.2.4 on Tomcat 5.0.28 with JDK 1.4.2. Is this a bug or as designed?

  • #2
    Matt,

    I've seen code in some places in Acegi (the authz taglib & DaoAuthenticationProvider are two) that return:

    Code:
    username = authentication.getPrincipal().toString();
    if the Principal is not an instance of UserDetails, but return

    Code:
    username = ((UserDetails) authentication.getPrincipal()).getUsername();
    if Principal is an instance of UserDetails.

    See the User.java code I posted to the AppFuse developer's list last night for an example of extending User to implement UserDetails. I believe this fixes the behavior you are seeing.


    • #3
      Yeah, I realize I can check for instanceof UserDetails. However, I'd prefer to not use Acegi's API in any code - and just use what the application is already using - since Principal.getName() is used a fair amount in the codebase.


      • #4
        The best way to avoid having to check for "instance of UserDetails" in your code is to have your User/Principal/Authentication class implement UserDetails. Then the rest of your code can stay unchanged, and Acegi will do the "instance of" check for you & call getUsername rather than toString.

        This way you have only one place in your codebase that is dependent on the Acegi API, rather than everywhere in your code that needs to get the username.


        • #5
          This was fixed in net.sf.acegisecurity.providers.AbstractAuthenticationToken v 1.7, which unfortunately did not make release 0.8.3. You could upgrade to CVS if you needed an urgent fix, or alternatively set DaoAuthenticationProvider.forcePrincipalAsString to true.


          • #6
            This was fixed in net.sf.acegisecurity.providers.AbstractAuthenticationToken v 1.7, which unfortunately did not make release 0.8.3. You could upgrade to CVS if you needed an urgent fix, or alternatively set DaoAuthenticationProvider.forcePrincipalAsString to true.
            Thanks Ben. Adding <property name="forcePrincipalAsString" value="true"/> fixed the problem, but only with regular form-based authentication. When I add RememberMe to the mix, getPrincipal().getName() returns the full string again, rather than the username. Is this fixed in 0.9.0?

            Thanks,

            Matt


            • #7
              Yes, it will work in 0.9.0 because RememberMeAuthenticationToken extends AbstractAuthenticationToken, with the latter containing the fixed getName() method.

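Added example, not part of the thread and not Acegi's own source: a self-contained Java sketch of the behaviour discussed in posts #2, #5 and #7, contrasting a getName() that returns the principal's toString() with one that checks for UserDetails first. The UserDetails interface, the User class and both token classes are simplified stand-ins written for this illustration, and the account data is constructed.

```java
import java.security.Principal;

public class PrincipalNameDemo {
    // Simplified stand-in for Acegi's UserDetails (assumption: only the method used here).
    interface UserDetails { String getUsername(); }

    // Stand-in user whose toString() dumps account state, like the output in the first post.
    static class User implements UserDetails {
        private final String username;
        User(String username) { this.username = username; }
        public String getUsername() { return username; }
        public String toString() {
            return "User@demo: Username: " + username + "; Password: [PROTECTED]; Enabled: true";
        }
    }

    // Behaviour reported in the thread for 0.8.3: the name is the principal's toString().
    static class ToStringToken implements Principal {
        protected final Object principal;
        ToStringToken(Object principal) { this.principal = principal; }
        public String getName() { return principal.toString(); }
    }

    // Behaviour described in posts #2 and #7: prefer getUsername() when it is available.
    static class UsernameAwareToken extends ToStringToken {
        UsernameAwareToken(Object principal) { super(principal); }
        public String getName() {
            if (principal instanceof UserDetails) {
                return ((UserDetails) principal).getUsername();
            }
            return principal.toString();
        }
    }

    public static void main(String[] args) {
        User user = new User("mraible"); // constructed sample account
        Principal before = new ToStringToken(user);
        Principal after = new UsernameAwareToken(user);
        // Plain String principal, the case forcePrincipalAsString=true is meant to produce.
        Principal asString = new UsernameAwareToken(user.getUsername());
        System.out.println("toString-based getName():    " + before.getName());
        System.out.println("UserDetails-aware getName(): " + after.getName());
        System.out.println("String principal getName():  " + asString.getName());
        // Guard for code that keys lookups, audit entries or access checks on the name.
        for (Principal p : new Principal[] { after, asString }) {
            if (!"mraible".equals(p.getName())) {
                throw new IllegalStateException("getName() is not the bare username");
            }
        }
    }
}
```

A guard like the one in main() is worth running once per authentication mechanism in use, since post #6 reports that form login and RememberMe behaved differently on 0.8.3.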