Marco Mistroni wrote:

Hello all,
I want to use the Acegi security framework in my webapp.
In my app, after the user has logged in, I am storing it in the HttpSession,
since I need the username for another part of my app that inserts data
into the db.
If I let Acegi do the authentication/authorization, how can I
retrieve the user after a successful authentication?
I can get the Authenticated object from ContextHolder, and from there
with getPrincipal I will get the username,
but how can I get hold of ContextHolder? Is it stored in the HttpSession?

I plan to use Filters for integrating Acegi with my app.

Can anyone help?


If you use ContextHolder.getContext().getAuthentication() you will obtain the Authentication generated by your AuthenticationProvider. If using DaoAuthenticationProvider, the Authentication will actually provide a getPrincipal() method that will return the UserDetails instance that is provided by your AuthenticationDao. As such, you have an easy way to obtain a customisable user object without resorting to the HttpSession. In general, interacting with the HttpSession directly is considered poor practice. The HttpSessionContextIntegrationFilter is responsible for managing interaction between the ContextHolder and HttpSession, so it shouldn't be necessary for most application developers to worry about the HttpSession.

Cheers
Ben
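
An added example (not from this thread or from the Acegi project) of the lookup described in the reply above, wrapped in a hypothetical `CurrentUser` helper so that data-access code takes the username from the security context on every request instead of from a copy kept in the HttpSession. The `net.sf.acegisecurity` package names and the cast to `SecureContext` are assumed from the 0.8.x releases; adjust them to the version in use.

```java
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.context.Context;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.security.SecureContext;

/** Hypothetical helper, not part of Acegi: resolves the caller's identity per request. */
public final class CurrentUser {

    private CurrentUser() {
    }

    /** Returns the authenticated username, or null when no authenticated user is bound. */
    public static String getUsername() {
        // Assumed 0.8.x API: getContext() returns a generic Context that is
        // populated per request by HttpSessionContextIntegrationFilter.
        Context context = ContextHolder.getContext();
        if (!(context instanceof SecureContext)) {
            return null; // request did not pass through the filter chain
        }
        Authentication auth = ((SecureContext) context).getAuthentication();
        if (auth == null || auth.getPrincipal() == null) {
            return null;
        }
        Object principal = auth.getPrincipal();
        if (principal instanceof UserDetails) {
            // DaoAuthenticationProvider case: principal is the AuthenticationDao's UserDetails
            return ((UserDetails) principal).getUsername();
        }
        // Other providers may supply the username directly as the principal
        return principal.toString();
    }

    /** Fails closed: use before writing audit or ownership columns to the database. */
    public static String requireUsername() {
        String username = getUsername();
        if (username == null || username.length() == 0) {
            throw new IllegalStateException("No authenticated user bound to this request");
        }
        return username;
    }
}
```

Calling `CurrentUser.requireUsername()` at the point of the insert means a request that bypassed the filter chain raises an error rather than writing a row with a missing or stale username.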



_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
