Any ideas why I wouldn’t be able to access Spring Security information from inside it?  It uses ThreadLocal (http://java.sun.com/j2se/1.5.0/docs/api/java/lang/ThreadLocal.html?is-external=true) for access to the session/login information.  I also tried making it use an InheritableThreadLocal (http://java.sun.com/j2se/1.5.0/docs/api/java/lang/InheritableThreadLocal.html) holder strategy for the SecurityContext seen below, but it doesn’t seem to be able to get it through that either.

 

From: Mike Brock [mailto:cbrock@redhat.com]
Sent: Thursday, February 11, 2010 8:16 AM
To: Kevin Jordan
Cc: errai-users@lists.jboss.org
Subject: Re: [errai-users] Errai Authentication

 

It *should* be enforcing @RequireAuthentication and @RequireRoles ... let me look into it on my side.

On 2010-02-10, at 1:43 PM, Kevin Jordan wrote:



I’m wondering how authentication works (or is supposed to work) in Errai.  It seems from what I can gather, you’re supposed to use doAuthentication in the SecurityService, however, even if my custom AuthenticationAdapter does nothing as it currently does (I was curious to see if I could get Spring Security authentication information using it to pass it on since I can’t seem to in my services, which I can’t in there either), but nothing calls isAuthenticated or anything related to it later on even if I have @RequireAuthentication or @RequireRoles on my services.  In fact, it lets me call the services even though as far as I think Errai knows, it should have no authentication principals or roles.  Is Authentication incomplete at this point in time?  At this time, I’m not requiring/needing the annotations, but I do want to get my login information from Spring Security.    I would normally do it in the context of a servlet or jsp as:

 

           try {

                SecurityContext context = SecurityContextHolder.getContext();

                Object principal = null;

                User user = null;

                if (context != null) {

                     Authentication auth = context.getAuthentication();

                     if (auth != null) {

                           principal = auth.getPrincipal();

                           if (principal instanceof User) {

                                user = (User) principal;

                                logger.info(user.getUsername());

                           } else {

                                logger.debug("Principal is null or not a User");

                           }

                     } else {

                           logger.debug("No authentication");

                     }

                } else {

                     logger.debug("No context");

                }

           } catch (Exception e) {

                logger.error("Error", e);

           }

 

However, that doesn’t seem to work, probably because it can’t access the ThreadLocal since I’m assuming most things in Errai, especially services, get a new Thread?  Is there any way for me to access the remote user from the servlet?  I doubt services get a link to the requesting servlet, correct?

_______________________________________________
errai-users mailing list
errai-users@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/errai-users