Hi all,
I am using Acegi 0.8.2 with Struts and Spring. Everything was working
fine till a little while ago, when we noticed that the
currently logged-in user would be lost, even though the session hadn't
timed out.
Basic problem flow (after having authenticated): from page1, click on
button and go to page2; upload file from page2, and right after that
(actual file upload has been successful), before taking you to page1,
the server asks for authentication again. At the end of the upload
servlet, I am using a response.sendRedirect(...).
This also happens when deleting a file uploaded to the server.
My user class is called CMSUser (implements UserDetails, of course).
I either get a null principal or I get a principal that is not of type
CMSUser.
I am using the following function to retrieve the current user:

    public CMSUser getCurrentUser(HttpSession session) {
        CMSUser currUser = null;
        SecureContext sctx = null;
        if (null != session) {
            // Read the Acegi SecureContext stored in the HTTP session
            sctx = (SecureContext) session.getAttribute(
                    HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY);
            if (null != sctx) {
                Authentication auth = sctx.getAuthentication();
                if (null != auth) {
                    // Only a principal of type CMSUser is returned; anything else yields null
                    Object user = auth.getPrincipal();
                    if (user instanceof CMSUser) {
                        currUser = (CMSUser) user;
                    }
                }
            }
        }
        return currUser;
    }

Am I doing anything wrong/stupid when retrieving the current user?
This problem seems to happen only when servlets are involved -- when
the end-to-end flow is Struts Actions only, everything seems to work
fine.
I don't know if it matters, but I have overridden
SecurityEnforcementFilter's sendAccessDeniedError() method in my
derived class F1SecurityEnforcementFilter.
Thanks.
--
Harshdeep S Jawanda
Give someone a program, you frustrate them for a day;
Teach them how to program, you frustrate them for a lifetime.