Ah, the 'property' attribute is for a property of the principal, if it is not a primitive object.
For example, you could have a UserPrincipal class that wraps a username property and an id. Then you could say <jsec:principal property="username"/> and that would equate to this Java call: subject.getPrincipal().getUsername(); (using reflection of course, because getPrincipal returns an object). But since you're storing primitive values in the PrincipalCollection, there is no need for you to use this attribute in the jsec tag. It is much simpler if you do things that way if you can ;) But yes, the Principal can be the User object itself, but this is not recommended. A PrincipalCollection is often serialized to the client in the form of a cookie and then deserialized later. If your User objects are 'hibernated', and it appears that yours are, then that User object wouldn't be associated with a Hibernate Session, and if you needed lazy loading, you'd get the infamous LazyInitializationException. Plus because Hibernate objects are often CGLib proxies, your serialized data (cookie) could be kind of large - not really desirable. On Mon, Sep 15, 2008 at 1:04 PM, Animesh Jain <[EMAIL PROTECTED]> wrote: > Hi Les > > Yup all that sounds good, but I was wondering what the "property" attribute > was for in the jsec:principal tag. Isn't there a way to lets say put the > user domain object into the principal. Because the documentation (and the > tag implemetation) does seem to imply that this is possible. jsec:principal > would then by default print principalObject.toString(). > > Animesh > > On Mon, Sep 15, 2008 at 10:28 PM, Les Hazlewood <[EMAIL PROTECTED]> wrote: >> >> Hi Animesh, >> >> You can store more than one principal in the PrincipalCollection >> returned by the realm. Its just the first one in that collection is, >> by convention, the 'primary identifier' of your user (e.g. user id, >> username, etc). In your case, this sounds like it is the email >> address. But you could add more to the principal collection. >> >> But that would require you to do this in code: >> >> Iterator i = subject.getPrincipals().iterator(); >> i.next(); //skip the primary one. >> String username = (String)i.next(); >> >> //print out the username. >> >> Currently the <jsec:principal/> tag does not support anything like >> <jsec:principal index="1"/>, which would print out the 2nd principal >> in the collection, which it sounds like is what you want. >> >> If you want this functionality, please open a Jira issue, and we'll be >> sure to get it in the next release. >> >> Also, what a lot of people do is issue a query for that information as >> needed: >> >> String email = subject.getPrincipal(); >> String username = userDAO.getUsername( email ); >> //print out the username. >> >> If you have Hibernate 2nd-level caching enabled, and User instances >> are in the 2nd-level cache, this won't 'hit' the database. The DAO >> implementation would be something like this (if you have 2nd-level >> cache enabled): >> >> User user = hibernateSession.load( User.class, userId ); >> return user.getUsername(); >> >> If you don't have 2nd-level cache enabled for users, you'd have to do a >> query: >> >> "select u.username from User u where u.id = ?"; >> >> HTH, >> >> Les >> >> On Mon, Sep 15, 2008 at 8:19 AM, Animesh Jain <[EMAIL PROTECTED]> >> wrote: >> > Hi all >> > >> > I've implemented a custom HibernateRealm by extending the >> > AuthorizingRealm >> > and things seem to be working pretty good i.e. I'm able to login/logout >> > users and check roles. >> > >> > Now, on each of my application screens I'd like to print something like >> > Hi >> > <Name>. But my logins are done using unique emails and so, when I try to >> > use >> > the <jsec:principal/> tag the email gets printed. There's no reference >> > to >> > the user name I have here. How should I go about storing a user defined >> > principal object here, as I can see the jsec:principal tag also has >> > attributes to retrieve values from a property of a principal object. In >> > my >> > case this is a string, how should I set it to something else. >> > >> > Kind regards >> > Animesh >> > >> > > >
