Hi Cedric,

The listener methods you specified are a little lower-level: they are triggered before constructing the Subject instance to return to the caller.

For authentication, you can just inspect the AuthenticationInfo method argument - that should give you the account information of who/what authenticated.

The session one isn't as easy: ideally, there should be a SubjectSessionListener that is fired after the session has started and been associated with the calling subject. The current event is triggered as soon as the session is started, but before it has been 'attached' to the invoking Subject.

Please create a Jira issue for the latter use case - I'm sure others could benefit from it!

Best,

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282

On Tue, Jan 28, 2014 at 9:36 AM, Cédric Thiebault <[email protected]> wrote:

> Hi,
>
> I would like to do stuff with current subject on SessionListener.onStart() or
> AuthenticationListener.onSuccess() using SecurityUtils.getSubject() but
> the subject is not yet authenticated... Is that normal?
>
> Here is how I authenticate my subject:
>
>     Subject subject = SecurityUtils.getSubject();
>     subject.login(new UsernamePasswordToken(username, password));
>
> Then in the SessionListener, the subject principal is null:
>
>     @Override
>     public void onStart(Session session) {
>         Subject subject = SecurityUtils.getSubject();
>         Object principal = subject.getPrincipal(); // this is null
>     }
>
> Same thing in the AuthenticationListener:
>
>     @Override
>     public void onSuccess(AuthenticationToken token, AuthenticationInfo info) {
>         Subject subject = SecurityUtils.getSubject();
>         Object principal = subject.getPrincipal(); // this is null
>     }
>
> Any idea of what's wrong?
>
> Cedric
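
The approach suggested in the reply above, as an added example that is not part of the original thread or Shiro's own code: an AuthenticationListener that reads the account identity from the AuthenticationInfo argument instead of calling SecurityUtils.getSubject(). The class name AuditAuthenticationListener, the log message layout and the use of java.util.logging are assumptions.

```java
import java.util.logging.Logger;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationListener;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical class name; not part of Shiro.
public class AuditAuthenticationListener implements AuthenticationListener {

    private static final Logger LOG =
            Logger.getLogger(AuditAuthenticationListener.class.getName());

    @Override
    public void onSuccess(AuthenticationToken token, AuthenticationInfo info) {
        // The Subject has not been constructed yet at this point, so the
        // identity is taken from the AuthenticationInfo the realm returned.
        PrincipalCollection principals = info.getPrincipals();
        if (principals == null || principals.isEmpty()) {
            LOG.warning("auth success with no principals");
            return;
        }
        LOG.info("auth success principal=" + sanitize(principals.getPrimaryPrincipal())
                + " realms=" + principals.getRealmNames());
    }

    @Override
    public void onFailure(AuthenticationToken token, AuthenticationException ae) {
        // Only the submitted identity is known here; token.getCredentials()
        // is deliberately never logged.
        LOG.warning("auth failure submitted=" + sanitize(token.getPrincipal())
                + " reason=" + ae.getClass().getSimpleName());
    }

    @Override
    public void onLogout(PrincipalCollection principals) {
        Object who = (principals == null || principals.isEmpty())
                ? null : principals.getPrimaryPrincipal();
        LOG.info("logout principal=" + sanitize(who));
    }

    // Replace control characters so a user-supplied name cannot forge log lines.
    private static String sanitize(Object value) {
        return value == null ? "<none>" : String.valueOf(value).replaceAll("\\p{Cntrl}", "_");
    }
}
```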
