Any ideas why I wouldn't be able to access Spring Security information from
inside it? It uses ThreadLocal
(
http://java.sun.com/j2se/1.5.0/docs/api/java/lang/ThreadLocal.html?is-exter
nal=true) for access to the session/login information. I also tried making
it use an InheritableThreadLocal
(
http://java.sun.com/j2se/1.5.0/docs/api/java/lang/InheritableThreadLocal.ht
ml) holder strategy for the SecurityContext seen below, but it doesn't seem
to be able to get it through that either.
From: Mike Brock [mailto:cbrock@redhat.com]
Sent: Thursday, February 11, 2010 8:16 AM
To: Kevin Jordan
Cc: errai-users(a)lists.jboss.org
Subject: Re: [errai-users] Errai Authentication
It *should* be enforcing @RequireAuthentication and @RequireRoles ... let me
look into it on my side.
On 2010-02-10, at 1:43 PM, Kevin Jordan wrote:
I'm wondering how authentication works (or is supposed to work) in Errai.
It seems from what I can gather, you're supposed to use doAuthentication in
the SecurityService, however, even if my custom AuthenticationAdapter does
nothing as it currently does (I was curious to see if I could get Spring
Security authentication information using it to pass it on since I can't
seem to in my services, which I can't in there either), but nothing calls
isAuthenticated or anything related to it later on even if I have
@RequireAuthentication or @RequireRoles on my services. In fact, it lets me
call the services even though as far as I think Errai knows, it should have
no authentication principals or roles. Is Authentication incomplete at this
point in time? At this time, I'm not requiring/needing the annotations, but
I do want to get my login information from Spring Security. I would
normally do it in the context of a servlet or jsp as:
try {
SecurityContext context =
SecurityContextHolder.getContext();
Object principal = null;
User user = null;
if (context != null) {
Authentication auth = context.getAuthentication();
if (auth != null) {
principal = auth.getPrincipal();
if (principal instanceof User) {
user = (User) principal;
logger.info(user.getUsername());
} else {
logger.debug("Principal is null or not a
User");
}
} else {
logger.debug("No authentication");
}
} else {
logger.debug("No context");
}
} catch (Exception e) {
logger.error("Error", e);
}
However, that doesn't seem to work, probably because it can't access the
ThreadLocal since I'm assuming most things in Errai, especially services,
get a new Thread? Is there any way for me to access the remote user from
the servlet? I doubt services get a link to the requesting servlet,
correct?
_______________________________________________
errai-users mailing list
errai-users(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/errai-users