isAuthenticated() is always false.

**cracker_jack** · Mar 16th, 2005, 01:37 PM

Hi All,
I am using the UsernamePasswordAuthenticationToken for authentication. I can see the following in the log

=================================================

[java] 2005-03-16 14:35:09,054 DEBUG org.springframework.jdbc.core.StatementCreatorUtil s - Setting SQL statement parameter value: columnIndex 1, parameter value [testuser], valueClass [java.lang.String], sqlType 12
[java] 2005-03-16 14:35:09,054 DEBUG org.springframework.jdbc.datasource.DataSourceUtil s - Closing JDBC connection
[java] 2005-03-16 14:35:09,054 DEBUG org.springframework.context.support.ClassPathXmlAp plicationContext - Publishing event in context [org.springframework.context.support.ClassPathXmlAp plicationContext;hashCode=25699763]: net.sf.acegisecurity.providers.dao.event.Authentic ationSuccessEvent[source=net.sf.acegisecurity.providers.UsernamePass wordAuthenticationToken@c9630a: Username: testuser; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities]
==============================================

There is an AuthenticationSuccessEvent but the Authenticated property still shows false. When and how does the authenticated property be set to true?

Any ideas??

Thanks in advance

pg · Mar 17th, 2005, 07:45 AM

This sounds like a very similar problem to my post ref:

upgrading 0.8.0 Null authentication SecureContextImpl

**jdoklovic** · Mar 17th, 2005, 04:09 PM

Just looked at the source for DaoAuthenticationProvider and UsernamePasswordAuthenticationToken...

Basically it looks like on a successful auth, the DaoAuthenticationProvider is simply returning a new UsernamePasswordAuthenticationToken with the same exact properties you supplied in the first place. It never runs setAuthenticated(). I'd say this is a bug.

Here's the method in question from DaoAuthenticationProvider:
(the authentication passed in is the original Authentication object)

Code:

protected Authentication createSuccessAuthentication&#40;Object principal,
        Authentication authentication, UserDetails user&#41; &#123;
        // Ensure we return the original credentials the user supplied,
        // so subsequent attempts are successful even with encoded passwords.
        // Also ensure we return the original getDetails&#40;&#41;, so that future
        // authentication events after cache expiry contain the details
        UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken&#40;principal,
                authentication.getCredentials&#40;&#41;, user.getAuthorities&#40;&#41;&#41;;
        result.setDetails&#40;&#40;authentication.getDetails&#40;&#41; != null&#41;
            ? authentication.getDetails&#40;&#41; &#58; null&#41;;

        return result;
    &#125;

**Ben Alex** · Mar 17th, 2005, 05:56 PM

http://forum.springframework.org/viewtopic.php?t=227
http://forum.springframework.org/viewtopic.php?t=1606

**jdoklovic** · Mar 18th, 2005, 07:22 AM

thanks.
that makes some more sense.

Thread: isAuthenticated() is always false.

Thread Tools

Display

Hybrid View

isAuthenticated() is always false.

Similar Threads

Why Authenticated is false

Authenticated: false in Acegi Security DEBUG entry

Using non standard user/role table structure problem

how use WebSphereTransactionManagerFactoryBean class?

sessionForm=true or false ?

Posting Permissions