May 4th, 2012, 11:13 AM
accessing the http request from an auth provider (acegi security 0.5)
I'm using a very old version of Acegi security. The jar file name is "acegi-security-0.5.jar".
The problem with this version is that the UsernamePasswordAuthenticationToken class does not have a details field, and I want to access the http request in one of my AuthenticationProviders.
Can anyone think of any work-arounds?
I'd like to avoid upgrading the version of acegi security we're using since that will require a lot of regression testing.
May 4th, 2012, 02:14 PM
I would encourage you to upgrade as there are a number of vulnerabilities that have since been fixed in newer versions (acegi is not supported anymore thus was not fixed).
If you really need to do this you could use Spring's RequestContext class. Make sure something is populating it first though (i.e. RequestContextListener or RequestContextFilter). An example of the setup can be found in the reference. Consult the respective javadoc for additional details.