"remember me" requires refresh?

[dlevine]

I got remember me working, and it was a really simple config. Only problem is, when I come back to the site it actually doesnt show me as logged in until I do a page refresh (or click on any link within the site). The second page loaded shows me logged in, but not the first.

This is not a problem with cache, as I can change the JSP source and the new page will show up, just not logged in.

Anyone else had this problem? Have any ideas?

My config is pretty much right out of the docs, but I am also using a rewrite filter, defined in web.xml below the acegi filter chain. (I'll post my xml if no one has any ideas from this description.)

THANKS!

[dlevine]

I realized that it was logging in right away with remember me, but it was not setting the session object "ACEGI_SECURITY_CONTEXT" until after the first page had already processed. So the first page gets back null for that SecureContextImpl object, but future pages see it properly.

Is there a different/better/more immediate way to access the current user?

Currently, I am calling:

reques.getSession().getAttribute("ACEGI_SECURITY_C ONTEXT")

from within a custom tag on the page to display username, etc.

any other ideas?

thanks!

[grasshopper]

I understand that you are trying to get the SecureContext, if this is so you may use SecureContextUtils.getSecureContext() . If you want only the user name displayed on the first page, try session.getAttribute(AuthenticationProcessingFilte r.ACEGI_SECURITY_LAST_USERNAME_KEY).

[Luke Taylor]

This makes sense - HttpSessionIntegrationFilter comes first in the list, so you won't be able to access the context via the session until the request has been completed.

You could try accessing the context directly using SecurityContextHolder.getContext as this should be available immediately after authentication takes place.

[paskos]

Hi dlevine.

May be the first page you use to access the site when comming back doesn't trigger the remember me filter.

Normally all the filters should be triggered before processing the jsps.

The only thing I can see in your problem is that your jsp is processed and the filter is not.

Check the URL mapping on you filters.

paskos

[Luke Taylor]

Hi dlevine.

May be the first page you use to access the site when comming back doesn't trigger the remember me filter.

Normally all the filters should be triggered before processing the jsps.

The only thing I can see in your problem is that your jsp is processed and the filter is not.

Check the URL mapping on you filters.

paskos

I don't think this is correct. The filter is being processed - it's just that the context isn't available from the HttpSession until the request has (almost) been completed and HttpSessionIntegrationFilter sets it on the way out here:

http://acegisecurity.sourceforge.net...ilter.html#266

[dlevine]

Thank you all for replies. You are correct Luke, the filter is being processed. I will try out the other suggestions this afternoon -- Thank you!

You could try accessing the context directly using SecurityContextHolder.getContext as this should be available immediately after authentication takes place.

If you want only the user name displayed on the first page, try session.getAttribute(AuthenticationProcessingFilte r.ACEGI_SECURITY_LAST_USERNAME_KEY).

Those look helpful, and I will try them next. What is the standard way to check and see if a user is logged in from within a Servlet/JSP? What about to get the User Details object?

I'll post my results in a few hours... thanks again!

[Luke Taylor]

SecurityContextHolder.getContext().getAuthenticati on() gives you a reference to the current authentication object. From that you can access the UserDetails object.

Note that the names and so on have changed - it might be an idea to upgrade if that's feasible, possibly when 0.9.0 comes out.

[Luke Taylor]

I should probably have said that the UserDetails is available from the getPrincipal() method (assuming you're using a DAO provider).

[dlevine]

IT WORKS!

I was actually already doing "getContext().getAuthentication().getPrincipal ()", but I was doing it from

reques.getSession().getAttribute("ACEGI_SECURITY_C ONTEXT")

instead of

SecureContextUtils.getSecureContext()

Thanks Grasshopper!!! and to Luke for your help and paskos... =)