Can't receive custom UserDetails impl with RemoteAuthenticationManagerImpl

[andrew]

I'm working on client-server app with swing ui, and use Spring Remoting and Acegi. On the client side I do the following to authenticate user:

Code:

UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userName, password);
Authentication populatedAuthentication = authManager.authenticate(authentication);
SecurityContextHolder.getContext().setAuthentication(populatedAuthentication);

When I use

Code:

UserVo principal = (UserVo) securityContext.getAuthentication().getPrincipal();

I receive String with user's name instead of my implementation of UserDetails. But when I start my app locally (without Spring remoting, RemoteAuthenticationManagerImpl, etc) it works fine, i.e. returns UserDetails implementation.

Is this is limitation of HttpSessionContextIntegrationFilter, or I'm doing something wrong?

[andrew]

Sorry, I've missed following notes in org.acegisecurity.providers.rcp.RemoteAuthenticati onManager javadoc:

In order to maximise remoting protocol compatibility, a design decision was taken to operate with minimal arguments and return only the minimal amount information required for remote clients to enable/disable relevant user interface commands etc.

So, if you use RemoteAuthenticationManager you can't get your UserDetails implementation on the client side, only array of GrantedAuthority.

[Ben Alex]

If remoting protocols offered better serialization support it would be easier. If you have a fairly good serialization-based remoting protocol, you could replace the RemoteAuthenticationManager implementation to return UserDetails instead of GrantedAuthority[].