AppFuse has a RequestContextListener in web.xml that puts the Request
in a ThreadLocal (RequestContextHolder):
http://static.springframework.org/spring/docs/2.5.x/api/org/
springframework/web/context/request/RequestContextHolder.html
You can get the request using:
HttpServletRequest request = (HttpServletRequest)
((ServletRequestAttributes) RequestContextHolder.getRequestAttributes
()).getRequest();
HTH,
Matt
On Feb 4, 2008, at 11:04 AM, [EMAIL PROTECTED] wrote:
Garet,
OK ... the only place I find a reference to
Authentication.getDetails is in
the getUser method in UserSecurityAdvice.java:
private User getCurrentUser(Authentication auth) {
User currentUser;
if (auth.getPrincipal() instanceof UserDetails) {
currentUser = (User) auth.getPrincipal();
} else if (auth.getDetails() instanceof UserDetails) {
currentUser = (User) auth.getDetails();
} else {
throw new AccessDeniedException("User not properly
authenticated.");
}
return currentUser;
}
I can see that I could work checking for "auth.getDetails() instanceof
WebAuthenticationDetails" in, though some of the combinations do
not make
any sense - I would end up with the IP address (property
RemoteAddress on
the WebAuthenticationDetails object) but no currentUser.
Currently the User.java implements interface UserDetails. Would I
need to
use a different class instead, once that contained both User and a
String
for the IP address?
Or am I just missing the boat completely. I've been working with
the old
ActionFilter and ThreadLocal mechanism for some time - but was
hoping to get
away from that for my new set of apps.
Thanks again - Richard
Gareth Davis wrote:
just been poking around in the SecurityContext holder and that the
contents of Authenciation.getDetails() will actually be a
org.acegisecurity.ui.WebAuthenticationDetails from acegi...and guess
what that contains... one ip address.
no need for the complex filter thread local thing, just use the
SecurityContextHolder to get the authentication details.
Garet
On 4 Feb 2008, at 11:54, Rob Hills wrote:
Hi Richard,
[EMAIL PROTECTED] wrote:
Here's what I ended up with:
That all sounded pretty good to me.
Question:
But I'm not sure how to get either the session or request from the
ServletContext object - it does not list those properties - unless
its just
too late and I'm not looking carefully.
No, I wouldn't say that. Not sure exactly where I got the following
from, but this is my getRequest() method from my event interceptor
class. From memory, it is dependent on having the ServletContext
injected into the bean, but I may be wrong about that. The key
point is, it works and i didn't have time to experiment with it at
the time :-)
private HttpServletRequest getRequest() {
return (HttpServletRequest) ((ServletRequestAttributes)
RequestContextHolder.getRequestAttributes()).getRequest();
}
HTH,
Rob Hills
Waikiki, Western Australia
--------------------------------------------------------------------
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
View this message in context: http://www.nabble.com/How-to-get-
authentication-info-into-a-Spring-bean---Hibernate-interceptor-
tp15247474s2369p15273716.html
Sent from the AppFuse - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
