Acegi, UserDetails

**dmfrey** · Oct 3rd, 2004, 11:20 AM

I have created a custom UserDetails implementation that contains my existing User object, as well as the user name, pass, ect. Is there any way that I can access that object using jstl <c:out ... />. ie. I would like to put a welcome message in the header of each page, the info is stored in the UserDetailsImpl.

Thanks,
Dan

**Ben Alex** · Oct 3rd, 2004, 06:05 PM

You can access it via:

((SecureContext) ContextHolder.getContext()).getAuthentication().ge tPrincipal()

The getPrincipal() returns an Object. If you are running DaoAuthenticationProvider with forcePrincipalAsString = false (the default) you will be able to cast that Object to UserDetails. If you've set this property to true, it will be a String representation of the username.

**dmfrey** · Oct 4th, 2004, 12:32 PM

Ben,

That is how I am accessing it from my controller. That is fine, but I was looking for a way to access the context from, for instance, a header file that gets included in every request. It is not a problem if that can't be done. I already created a filter that will add that to the request when the SecureContext exists, this way it is available to every request.

Dan

**Ben Alex** · Oct 4th, 2004, 04:08 PM

Hi Dan

Your approach would work as a general-purpose solution. Alternatively, you can always read it directly from the HttpSession attribute keyed against net.sf.acegisecurity.ui.webapp.HttpSessionIntegrat ionFilter.ACEGI_SECURITY_AUTHENTICATION_KEY if you're using the default HttpSession-based storage of the user credentials.

Generally it's a view-specific issue to expose the Authentication more easily. You could add it to the Model returned by your controller. Or use a taglib like net.sf.acegisecurity.taglibs.authz.AuthorizeTag. Or (as we do with FreeMarer) extend FreeMarkerView and add it in the protected void exposeHelpers(Map, HttpServletRequest) method so it's accessible to a FreeMarker macro.

**dmfrey** · Oct 5th, 2004, 07:56 AM

Ben,

Thanks for you input. I think for right now, the filter will work fine. I am limiting what type of session attibutes the view can access, and I don't want to make every call the controller returns have to check for that info in the request. The filter seems like a viable solution.

Thanks again.
Dan

**dhalbrook** · Jan 31st, 2005, 06:39 PM

Although probably not recommended:

Code:

<c&#58;out value="$&#123;sessionScope&#91;'ACEGI_SECURITY_AUTHENTICATION'&#93;.principal.username&#125;"/>

This worked for me.

Thread: Acegi, UserDetails

Thread Tools

Display

Acegi, UserDetails

Similar Threads

WebSphere for Authentication and Acegi for Authorization ?

Acegi running fine. Howto add roles, ...

Best practice for userDetails and PasswordAuthenticationDao?

Acegi for LDAP

Pls, give some example Acegi usage in the servlets.

Posting Permissions