Results 1 to 2 of 2

Thread: accessing the http request from an auth provider (acegi security 0.5)

  1. May 4th, 2012, 11:13 AM #1
    ErikR
    ErikR is offline Junior Member
    Join Date
    May 2012
    Posts
    4

    Default accessing the http request from an auth provider (acegi security 0.5)

    I'm using a very old version of Acegi security. The jar file name is "acegi-security-0.5.jar".

    The problem with this version is that the UsernamePasswordAuthenticationToken class does not have a details field, and I want to access the http request in one of my AuthenticationProviders.

    Can anyone think of any work-arounds?

    I'd like to avoid upgrading the version of acegi security we're using since that will require a lot of regression testing.
    Reply With Quote Reply With Quote
  2. May 4th, 2012, 02:14 PM #2
    Rob Winch
    Rob Winch is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Posts
    1,826

    Default

    I would encourage you to upgrade as there are a number of vulnerabilities that have since been fixed in newer versions (acegi is not supported anymore thus was not fixed).

    If you really need to do this you could use Spring's RequestContext class. Make sure something is populating it first though (i.e. RequestContextListener or RequestContextFilter). An example of the setup can be found in the reference. Consult the respective javadoc for additional details.
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules