Hello, I also vote for adding the possibility to have an access to a full-app-specific-User object from an Authentication. I see it very usefull in my custom security voters: 1) some decisions must be based on another user properties than the username and it may be complicated to get the full User object from the voter 2) it is easier to compare user.getId() (persistent storage identity) than the username - for example the owner object don't have to be fully loaded in my invocation argument (lazy loading used)
I also prefere to have the new UserDetails interface for the User object rather than have to use inheritance (as discussed later in this thread). Ben, do you plan to implement this feature in some future release? TIA, Karel >> Since getPrincipal already has a signature of Object, why >> can't it be allowed to store the user object sans password >> instead of only the user name as string. Then in my provider, >> I can prepare my user object in anyway I like, whether it be >> string (user name) or an object with some info and then cast > it accordingly in my view . > >So you're proposing DaoAuthenticationProvider returns an Authentication >object (specifically UsernamePasswordAuthenticationToken) that has as its >Principal the User, rather than the current User.getUsername() String? > >DaoAuthenticationProvider uses authentication.getPrincipal() in which it >expects a String to be presented. We would need to have >DaoAuthenticationProvider detect if the presented >Authentication.getPrincipal() object is a String or User, and handle it >accordingly. Aside from this, I can't see any problems with this approach. > >I also think we should overwrite the password in the User object before >passing it to the AuthenticationEvent and/or using it as the returned >Authentication.getPrincipal() value. > >Would doing this cause concerns for anyone? > >Ben ------------------------------------------------------- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
