Feb 22nd, 2011, 08:36 AM
using authentication token during authorisation
I implemented my own AuthenticationProcessingFilter in which I set the authentication token to an instance of DomainSecurityAuthenticationToken, which is a class derived from UsernamePasswordAuthenticationToken.
DomainSecurityAuthenticationToken has an extra property "domain".
Using the custom filter with the new token class works fine.
Now I want to use the same token class (and the extra property "domain") during authorisation.
In my own Voter (I'm using spring security 2.x) I added the following lines in the vote() method:
DomainSecurityAuthenticationToken token = (DomainSecurityAuthenticationToken) authentication;
At run-time I get the following error on this line:
java.lang.ClassCastException: org.springframework.security.providers.UsernamePas swordAuthenticationToken cannot be cast to be.vlaamsbrabant.domainsecuritytest.security.Domai nSecurityAuthenticationToken
How can I use the same token for authorisation that I used for authentication?
Do I again have to replace a filter? Which one?
Tags for this Thread