Karel Miarka wrote:
<>Hello,
I also vote for adding the possibility to have an access to a
full-app-specific-User object from an Authentication. I see it very usefull
in my custom security voters:
1) some decisions must be based on another user properties than the username
and it may be complicated to get the full User object from the voter
2) it is easier to compare user.getId() (persistent storage identity) than
the username - for example the owner object don't have to be fully loaded in
my invocation argument (lazy loading used)
I also prefere to have the new UserDetails interface for the User object rather than have to use inheritance (as discussed later in this thread).
Ben, do you plan to implement this feature in some future release?
Hi Karel
Yes, I agree it's worthwhile to have the User object available from an Authentication. I think we got to the point of agreeing it would be returned from Authentication.getCredentials() and I asked if this would cause concerns for anybody. I didn't receive any feedback, so I will go ahead with this change.
I am fairly busy over the next few days, but hope to get to it early next week - unless someone beats me to it and submits a patch. It's only a couple of minutes work, but testing is key.
Best regards Ben
------------------------------------------------------- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
