Andreas Schildbach wrote:
I was just wondering why my HttpSessionIntegrationFilter does not save my custom user object to the next request...
For my application, I have extended SecureContext to SecureUserContext, adding my domain object for users as a property.
Looking at the source of AbstractIntegrationFilter I unfortunately discovered that it just saves the authentication object, not any custom object(s) attached to it. Why don't you save just the whole SecureContext? Then it would (theoretically) never be needed to create a SecureContext again, and everything contained in it would be saved, too?
Hi Andreas
It could be changed, but extractFromContainer(ServletRequest) would also need to return a SecureContext rather than an Authentication. The JbossIntegrationFilter and HttpRequestIntegrationFilter will need to construct the SecureContext to meet that abstract class contract. More troubling is that some applications are already interfacing with the HttpSession attribute we're storing the Authentication within. So, do we break those applications, or store the SecureContext into a new attribute as well as the existing attribute? I guess you could argue they _shouldn't_ technically be interfacing with HttpSession, so it might be reasonable to change. IIRC, I have only ever advised to a user to access HttpSession with a SiteMesh issue.
Alternatively, you could just subclass HttpSessionIntegrationFilter, override commitToContainer, retrieve the SecureContext via ContextHolder, and store it that way.
With the benefit of hindsight, I would have stored the SecureContext. It's just a question of how to handle the backwards compatibility, and whether it's a good idea to break when there is an alternative for the minority of users who are customising their SecureContext.
Cheers Ben
------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
