You've implemented an AuthenticationAdapter for SpringSecurity?
There's really no way of doing it unless you were to implement your own
SessionProvider... even then you could only copy in information from the HTTPSession.
Party of the reason we separated these concerns so aggressively was so we could run
ErraiBus in something like Netty... without a Servlet container. I'm certainly open
to ideas as to how we can improve this situation to satisfy a case like yours.
On 2010-02-11, at 11:29 AM, Kevin Jordan wrote:
Any ideas why I wouldn’t be able to access Spring Security
information from inside it? It uses ThreadLocal
(
http://java.sun.com/j2se/1.5.0/docs/api/java/lang/ThreadLocal.html?is-ext...) for
access to the session/login information. I also tried making it use an
InheritableThreadLocal
(
http://java.sun.com/j2se/1.5.0/docs/api/java/lang/InheritableThreadLocal....) holder
strategy for the SecurityContext seen below, but it doesn’t seem to be able to get it
through that either.
From: Mike Brock [mailto:cbrock@redhat.com]
Sent: Thursday, February 11, 2010 8:16 AM
To: Kevin Jordan
Cc: errai-users(a)lists.jboss.org
Subject: Re: [errai-users] Errai Authentication
It *should* be enforcing @RequireAuthentication and @RequireRoles ... let me look into it
on my side.
On 2010-02-10, at 1:43 PM, Kevin Jordan wrote:
I’m wondering how authentication works (or is supposed to work) in Errai. It seems from
what I can gather, you’re supposed to use doAuthentication in the SecurityService,
however, even if my custom AuthenticationAdapter does nothing as it currently does (I was
curious to see if I could get Spring Security authentication information using it to pass
it on since I can’t seem to in my services, which I can’t in there either), but nothing
calls isAuthenticated or anything related to it later on even if I have
@RequireAuthentication or @RequireRoles on my services. In fact, it lets me call the
services even though as far as I think Errai knows, it should have no authentication
principals or roles. Is Authentication incomplete at this point in time? At this time,
I’m not requiring/needing the annotations, but I do want to get my login information from
Spring Security. I would normally do it in the context of a servlet or jsp as:
try {
SecurityContext context = SecurityContextHolder.getContext();
Object principal = null;
User user = null;
if (context != null) {
Authentication auth = context.getAuthentication();
if (auth != null) {
principal = auth.getPrincipal();
if (principal instanceof User) {
user = (User) principal;
logger.info(user.getUsername());
} else {
logger.debug("Principal is null or not a
User");
}
} else {
logger.debug("No authentication");
}
} else {
logger.debug("No context");
}
} catch (Exception e) {
logger.error("Error", e);
}
However, that doesn’t seem to work, probably because it can’t access the ThreadLocal
since I’m assuming most things in Errai, especially services, get a new Thread? Is there
any way for me to access the remote user from the servlet? I doubt services get a link to
the requesting servlet, correct?
_______________________________________________
errai-users mailing list
errai-users(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/errai-users