I would suggest using an "instanceof" check to see if it's a String or
a real user. We do something like this in UserSecurityAdvice:

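    // Resolve the application User (org.appfuse.model.User) from the Acegi
    // Authentication without a blind cast: the principal may be a plain
    // String (the username) rather than a User object.
    private User getCurrentUser(Authentication auth) {
        User currentUser;
        // Test for the type that is actually cast to; a UserDetails that is
        // not a User would pass an "instanceof UserDetails" test and then
        // fail the cast.
        if (auth.getPrincipal() instanceof User) {
            currentUser = (User) auth.getPrincipal();
        } else if (auth.getDetails() instanceof User) {
            currentUser = (User) auth.getDetails();
        } else {
            // Neither slot holds a User: fail closed instead of casting.
            throw new AccessDeniedException("User not properly authenticated.");
        }
        return currentUser;
    }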

Matt

On Mon, May 5, 2008 at 4:09 PM, ifunsu <[EMAIL PROTECTED]> wrote:
> Hi all,
>
>  Just after you successfully register a new user in appfuse (signup.html),
>  "current user" in the lower middle area of the window will show the User
>  object's "username" property.
>  If you go to userforms.html and save the user information again, it will
>  show the User object's "firstname" plus "lastname" property. It seems that
>  the object has changed.
>  If you call "User user = (User)
>  SecurityContextHolder.getContext().getAuthentication().getPrincipal();"
>  without the userforms.html step, you will get a ClassCastException.
>
>  Relative link: http://www.nabble.com/Proper-way-of-requesting-current-user-tp6236528s2369p6237122.html
>
>  Stack messages:
>
>  javax.servlet.ServletException:
>  org.springframework.web.util.NestedServletException: Request
>  processing failed; nested exception is java.lang.ClassCastException:
>  java.lang.String cannot be cast to org.appfuse.model.User
>  Caused by: org.springframework.web.util.NestedServletException:
>  Request processing failed; nested exception is
>  java.lang.ClassCastException: java.lang.String cannot be cast to
>  org.appfuse.model.User
>  Caused by: java.lang.ClassCastException: java.lang.String cannot be
>  cast to org.appfuse.model.User
>         at ifunsu.at.gmail.leftright.webapp.controller.BundleController.left(BundleController.java:201)
>
>  Code ifunsu.at.gmail.leftright.webapp.controller.BundleController.left(BundleController.java:201)
>         public ModelAndView left(HttpServletRequest request,
>                         HttpServletResponse responese) {
>                 this.log.debug("User left.");
>                 User user = (User) SecurityContextHolder.getContext()   // <<<<<<<<<<<======== line 201
>                                 .getAuthentication().getPrincipal();
>                 Unit unit = (Unit) request.getSession().getAttribute(
>                                 UnitController.Unit_Key);
>
>                 if(unit == null){
>                         unit = this.unitManager.loadUnit(Unit.ROOT);
>                 }
>
>                 Left left = unit.getLeft();
>                 if (left == null) {
>
>                         unit = new Unit(unit.getId(), user.getId(), unit.getLevel() + 1);
>
>                         unit.setLeft(new Left());
>                 }else{
>                         unit = this.unitManager.loadUnit(left.getLeaf());
>                 }
>                 request.getSession().setAttribute(UnitController.Unit_Key, unit);
>                 return new ModelAndView("redirect:/unit.html");
>         }
>
>
>
>  ---------- Forwarded message ----------
>  From: Matt Raible <[EMAIL PROTECTED]>
>  Date: 2008/5/6
>  Subject: Re: Proper way of requesting current user
>  To: [EMAIL PROTECTED]
>
>
>  Please post this question to the users mailing list with more details
>   and steps to reproduce.
>
>   http://appfuse.org/display/APF/Mailing+Lists
>
>   Thanks,
>
>   Matt
>
>   On Mon, May 5, 2008 at 10:08 AM,  <[EMAIL PROTECTED]> wrote:
>   > Dear Matt:
>   >
>   >  Hi, I found a bug in your code.
>   >  If I register a new user, it says "You have successfully registered for access to this application."
>   >  Then I continue to use the application. A cast error will be thrown in your code below:
>   >  > User user = (User)
>   >  > SecurityContextHolder.getContext().getAuthentication().getPrincipal();
>   >  Because at this time getPrincipal() only returns a String representing the current user, not the User object.
>   >  If I first edit the user's profile, it runs normally; it seems like Acegi loads the User object to replace the bare user name String object.
>   >
>   >  Thank you for your great job!
>   >
>   >  Ifun
>   >
>   >  Matt Raible-3 wrote:
>   >  >
>   >  > UserSecurityAdvice.java has an example:
>   >  >
>   >  > SecurityContext ctx = SecurityContextHolder.getContext();
>   >  > Authentication auth = ctx.getAuthentication();
>   >  > User user = (User) auth.getPrincipal();
>   >  >
>   >  > Of course, you could shorten it to:
>   >  >
>   >  > User user = (User)
>   >  > SecurityContextHolder.getContext().getAuthentication().getPrincipal();
>   >  >
>   >  > Matt
>   >  >
>   >  > On 9/10/06, Ernesto Echeverria <[EMAIL PROTECTED]> wrote:
>   >  >> I've noticed the method getUser in BaseFormController (Spring MVC) has
>   >  >> been deprecated.
>   >  >>
>   >  >> What is the alternate/current recommended way of getting the current
>   >  >> user in a secure way?
>   >  >>
>   >  >> Regards.
>   >  >>
>   >  >>
>   >  >> ---------------------------------------------------------------------
>   >  >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>   >  >> For additional commands, e-mail: [EMAIL PROTECTED]
>   >  >>
>   >  >>
>   >  >
>   >  >
>   >  >
>   >  >
>   >  Quoted from: http://www.nabble.com/Proper-way-of-requesting-current-user-tp6236528s2369p6237122.html
>   >
>   >
>
>
>
>   --
>   http://raibledesigns.com
>
>
>
>  --
>  ======================================
>  Let's make it work!
>
>
>
