Problem Retrieving Token from Session

**jpwinans** · Feb 14th, 2005, 04:50 PM

Hello,

I've got an application that needs to know what user is logged in. First a user will be redirected to log into CAS, then when they perform a function, I'd like to attach that User to the resulting object created.
How can my Spring MVC controller retrieve what user is logged in and put it in the model as RefData?
I see how it might have something to do with the ContextHolder, but I'm not having any luck. Any help would be great.

Thanks,
James

**Ben Alex** · Feb 15th, 2005, 01:23 AM

Code:

&#40;&#40;SecureContext&#41; ContextHolder.getContext&#40;&#41;&#41;.getAuthentication&#40;&#41;

**jpwinans** · Feb 15th, 2005, 09:30 AM

Hey Ben,

That is exactly what I thought it would be. I see that code in the authz tag library code. However, when I do it from my web controller, it returns null. <shrug> Any ideas?

Thanks,
James

**jpwinans** · Feb 15th, 2005, 09:34 AM

Hey,

Okay, this code works. I was doing a slight variation. Thank you VERY much.

Take care,
James

**jpwinans** · Feb 15th, 2005, 10:27 AM

Well shoot,

Okay, I'm confused on this ThreadLocal stuff in the context of CAS and Acegi. I can retrieve the Authentication object if I log in from a fresh Internet Explorer window. However, if I logoff of CAS and log in as another user, retrieving Authentication returns null.
I know that CAS is working, because I have JSP pages that use the authz:authorize successfully. So it's as if I can retrieve it when the JSP is being generated, but I can't when I invoke my application facade from a web controller... UNLESS it is the first user logged in and hasn't logged out. <shrug> Any ideas?

Thanks,
James

**jpwinans** · Feb 15th, 2005, 11:14 AM

Okay, here's what I've got so far...

When I first open a browser window, log in, and make a call to my controller, the ContextHolder.setContext() gets called. However, when I log out with the CAS logout servlet, I log back in, and I call the controller, the ContextHolder.setContext() is NOT getting called. <shrug>

Thanks,
James

**jpwinans** · Feb 15th, 2005, 12:00 PM

Okay, I'm getting closer....

When I've first opened a browser and I invoke my controller, the AutoIntegrationFilter recognizes the Authentication object and calls ContextHolder.setContext(). This is called "extracted" at line 133 of AbstractIntegrationFilter:

Code:

// Populate authentication information
            Object extracted = this.extractFromContainer&#40;request&#41;;

            if &#40;extracted instanceof Authentication&#41; &#123;
                if &#40;logger.isDebugEnabled&#40;&#41;&#41; &#123;
                    logger.debug&#40;
                        "Authentication added to ContextHolder from container"&#41;;
                &#125;

However, when I've logged off and log in again, this.extractFromContainer(request) returns null. So setContext() is never called.

Upon further investigation, I see that it returns null becuase there is no ACEGI_SECURITY_AUTHENTICATION token associated with the httpRequest's session.

-James

**jpwinans** · Feb 15th, 2005, 04:52 PM

Okay,

After talking to myself here for a while, I figured out it was all a stupid error on my part. I didn't have my controller mapped from a secure context. :? I guess I got all caught up in the details.

Thanks,
James

Thread: Problem Retrieving Token from Session

Thread Tools

Display

Problem Retrieving Token from Session

Similar Threads

OpenSessionInView and portlet support

Problem: SecureContextImpl reused in subsequent session

Spring container fails with no exception

OpenSessionInViewInterceptor called but session flushed

Hibernate Session Per Request Problem with CMT EJB

Posting Permissions