I’m wondering how authentication works (or is supposed to work) in Errai. It seems from what I can gather, you’re supposed to use doAuthentication in the SecurityService, however, even if my custom AuthenticationAdapter does nothing as it currently does (I was curious to see if I could get Spring Security authentication information using it to pass it on since I can’t seem to in my services, which I can’t in there either), but nothing calls isAuthenticated or anything related to it later on even if I have @RequireAuthentication or @RequireRoles on my services. In fact, it lets me call the services even though as far as I think Errai knows, it should have no authentication principals or roles. Is Authentication incomplete at this point in time? At this time, I’m not requiring/needing the annotations, but I do want to get my login information from Spring Security. I would normally do it in the context of a servlet or jsp as:
try {
SecurityContext context = SecurityContextHolder.getContext();
Object principal = null;
User user = null;
if (context != null) {
Authentication auth = context.getAuthentication();
if (auth != null) {
principal = auth.getPrincipal();
if (principal instanceof User) {
user = (User) principal;
} else {
logger.debug("Principal is null or not a User");
}
} else {
logger.debug("No authentication");
}
} else {
logger.debug("No context");
}
} catch (Exception e) {
logger.error("Error", e);
}
However, that doesn’t seem to work, probably because it can’t access the ThreadLocal since I’m assuming most things in Errai, especially services, get a new Thread? Is there any way for me to access the remote user from the servlet? I doubt services get a link to the requesting servlet, correct?