Putting Objects in the Session when Authentication Successfu

[linus1412]

Hi,

I have replaced my custom security in my web app with Acegi, and the authentication and security work a treat.

However...

When I had my manual solution, I was putting a collection of Integer objects in to the session (league Ids of which they are a member) after authentication. I could then display these in a drop down list on my web pages and let the user select a different league table to look at.

Now when authentication is successful Acegi put an object in to the session, but how can I?

What is the Acegi way :?:

Martin

[mmasters]

I'm not going to be able to help you, but I am wanting to do some session stuff. I was wondering how you are placing/retrieving information into/from the session.

The application I'm working on sends out an email to vendor. I have a domain object called Purchase which has a Vendor object and has a collection of items. Could you suggest how I might place this information into the session?

thanks in advance,
Mike

[David Carter]

Subclass User, or write your own principal class that implements UserDetails, and include your collection of league IDs as a property of User. Then you can use something like

Code:

Set leagues = request.getUserPrincipal().getLeagues();

[Ben Alex]

It's odd to place a collection of items into the session. You'd generally be populating that into a model. If using Spring MVC, you'd put it into the ModelAndView returned by your controller.

If you wanted to store leagus against the user, you'd probably make a LeagueGrantedAuthority that implements GrantedAuthority. In turn your AuthenticationDao would add the LeagueGrantedAuthority to UserDetails. You can then access them via SecurityContextHolder.getContext().getAuthenticati on().getAuthorities().

[annbc]

If another property is added to a subclass of UserDetails, userId, for instance, how do you access it?
SecurityContextHolder.getContext().getAuthenticati on().get???

[Ben Alex]

SecurityContextHolder.getContext().getAuthenticati on().get???

((CustomUserDetails)SecurityContextHolder.getConte xt().getAuthentication().getPrincipal()).getMySpec ialProperty();

[Johannes Hiemer]

Hey Ben,
I got it the same way you proposed it, but I always get an ClassCastException.
What is wrong?
My Class:

Code:

package clara.bo.model;

import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.UserDetails;

/**
 * 
 */

/**
 * @author Johannes.Hiemer
 *
 */

public class AuthenticatedUser implements UserDetails {

	public User currentUser;

	/**
	 * @return Returns the currentUser.
	 */
	public User getCurrentUser() {
		return currentUser;
	}

	/**
	 * @param currentUser The currentUser to set.
	 */
	public void setCurrentUser(User currentUser) {
		this.currentUser = currentUser;
	}

	public boolean isAccountNonExpired() {
		return false;
	}

	public boolean isAccountNonLocked() {
		return false;
	}

	public GrantedAuthority[] getAuthorities() {
		return null;
	}

	public boolean isCredentialsNonExpired() {
		return false;
	}

	public boolean isEnabled() {
		return false;
	}

	public String getPassword() {
		return null;
	}

	public String getUsername() {
		return null;
	}
	

}

Code:

((AuthenticatedUser)acegiContext.getAuthentication().getPrincipal()).getCurrentUser();

Thanks a lot

Regards Johannes

[Ben Alex]

Is your AuthenticationDao returning an instance of your AuthenticatedUser? Try doing a getClass().getName() instead of calling your custom property - it shoud be AuthenticatedUser if your configuration is correct.