Question about Authentication.isAuthenticated
Hi,
I am a newbie to Acegi and have a question about Authentication.isAuthenticated.
I have written a custom class called MySecurityDAO that implements PasswordAuthenticationDAO. I was able to link this with passwordDaoAuthenticationProvider and then use the Acegi http form authentication/authorization to validate users.
I am using Acegi 0.8.3 and therefore had to write custom code so that I can prevent authentication for each request (without using the cache).
I use the following piece of code to check if the user was authenticated earlier.
Code:
// Try NOT to authenticate again if already authenticated and is not
// authenticated as ROLE_ANONYMOUS
if ((SecureContextUtils.getSecureContext() != null)
        && (SecureContextUtils.getSecureContext()
                .getAuthentication() != null)
        && (SecureContextUtils.getSecureContext()
                .getAuthentication().isAuthenticated())
        && (SecureContextUtils.getSecureContext()
                .getAuthentication().getDetails() != null)) {
    userProfile = (UserProfile) SecureContextUtils
            .getSecureContext().getAuthentication().getPrincipal();
    log.debug("Previously authenticated : Returning UserProfile"
            + " from the Authentication object : username ="
            + userProfile.getUsername());
    return userProfile;
}
UserProfile is a custom object that implements the UserDetails interface from Acegi.
What I am seeing is that Authentication.isAuthenticated() gets set only after the second successful authentication.
Here is the scenario:
1) I login using /j_acegi_security_check URL using a form post
2) My custom class gets called.
3) It goes to the backend, authenticates the user and adds appropriate roles to UserProfile
4) Then the webapp redirects the user to main page
5) My custom class gets called again. When I check isAuthenticated(), I get false and therefore I go to the backend for a second time and repeat the steps in step 3
6) From next time onwards, isAuthenticated returns true
I also tried doing the following; however, this does not seem to help.
Code:
// Setting the Authenticated flag to true in Acegi
// SecureContext Authentication object
SecureContextUtils.getSecureContext().getAuthentication()
        .setAuthenticated(true);
Any ideas on what I might be doing wrong?
Why is my custom class getting called for the URL /j_acegi_security_check? Is this correct? I thought the Acegi filter would handle this URL?
Thanks
Mandar