Garet,
OK ... the only place I find a reference to Authentication.getDetails is in
the getUser method in UserSecurityAdvice.java:
private User getCurrentUser(Authentication auth) {
User currentUser;
if (auth.getPrincipal() instanceof UserDetails) {
currentUser = (User) auth.getPrincipal();
} else if (auth.getDetails() instanceof UserDetails) {
currentUser = (User) auth.getDetails();
} else {
throw new AccessDeniedException("User not properly
authenticated.");
}
return currentUser;
}
I can see that I could work checking for "auth.getDetails() instanceof
WebAuthenticationDetails" in, though some of the combinations do not make
any sense - I would end up with the IP address (property RemoteAddress on
the WebAuthenticationDetails object) but no currentUser.
Currently the User.java implements interface UserDetails. Would I need to
use a different class instead, once that contained both User and a String
for the IP address?
Or am I just missing the boat completely. I've been working with the old
ActionFilter and ThreadLocal mechanism for some time - but was hoping to get
away from that for my new set of apps.
Thanks again - Richard
Gareth Davis wrote:
>
> just been poking around in the SecurityContext holder and that the
> contents of Authenciation.getDetails() will actually be a
> org.acegisecurity.ui.WebAuthenticationDetails from acegi...and guess
> what that contains... one ip address.
>
> no need for the complex filter thread local thing, just use the
> SecurityContextHolder to get the authentication details.
>
> Garet
>
> On 4 Feb 2008, at 11:54, Rob Hills wrote:
>
>> Hi Richard,
>>
>> [EMAIL PROTECTED] wrote:
>>> Here's what I ended up with:
>>>
>> That all sounded pretty good to me.
>>> Question:
>>> But I'm not sure how to get either the session or request from the
>>> ServletContext object - it does not list those properties - unless
>>> its just
>>> too late and I'm not looking carefully.
>>>
>> No, I wouldn't say that. Not sure exactly where I got the following
>> from, but this is my getRequest() method from my event interceptor
>> class. From memory, it is dependent on having the ServletContext
>> injected into the bean, but I may be wrong about that. The key
>> point is, it works and i didn't have time to experiment with it at
>> the time :-)
>>
>> private HttpServletRequest getRequest() {
>> return (HttpServletRequest) ((ServletRequestAttributes)
>> RequestContextHolder.getRequestAttributes()).getRequest();
>> }
>> HTH,
>>
>> Rob Hills
>> Waikiki, Western Australia
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
View this message in context:
http://www.nabble.com/How-to-get-authentication-info-into-a-Spring-bean---Hibernate-interceptor-tp15247474s2369p15273716.html
Sent from the AppFuse - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
