Thread: Userdetails for an unauthenticated user in ApplicationListener

  1. #1
    Join Date
    Aug 2006
    Posts
    9

    Userdetails for an unauthenticated user in ApplicationListener

    I need to lock the user after n login attempts. I have read the posting related to this topic, but I am still unclear as to what's the best way to do this. I have currently implemented an application event listener where I am checking for AuthenticationFailureBadCredentialsEvent. I am storing the failed login event in the database.

    I am using an Acegi decorator that wraps my User object and implements the UserDetails interface. This is populated by loadUserByUsername(). This object is filled in with all the details from the DB when an existing user attempts to log in. However, I am not able to access this object from my ApplicationListener class. The SecurityContextHolder.getContext().getAuthentication().getPrincipal() method is returning a String. That's because the security context is populated with the anonymous authentication token and not with my decorated user object. The cast to my user object is failing.

    Here are my questions:
    - Am I on the correct path?
    - How can I access my user object, or the username attempting to log in, in the ApplicationListener?

    I appreciate your help!

  2. #2
    Join Date
    Dec 2006
    Location
    Karlsruhe, Germany
    Posts
    47

    Hello,
    I had the same problem and came across this thread. So, just for the record, I am posting my solution.

    I extended AnonymousProcessingFilter and overrode the createAuthentication method:
    Code:
    @Override
    protected Authentication createAuthentication(ServletRequest request) {
        UserDetails userDetails = buildDetails(request);
        AnonymousAuthenticationToken auth = new AnonymousAuthenticationToken(getKey(), userDetails, getUserAttribute().getAuthorities());
        // auth.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
        return auth;
    }
    You just have to provide a buildDetails method.
    Maybe this would be a good extension point for the next version?
    Also, the authenticationDetailsSource should get a getter method. I have just commented it out because I don't need it.

    Can someone please reply if this is a good idea?
    Should I make a JIRA entry?

    Thanks.
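
An added example, not code from either post in this thread: the question in post #1 can also be approached from the event itself, because Acegi's authentication events carry the token that was submitted with the login attempt, so the attempted username is available without going through SecurityContextHolder. The class name, the in-memory counter (standing in for the database mentioned in post #1), the threshold of 5 and the isLocked() helper are assumptions made for illustration.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicInteger;

import org.acegisecurity.event.authentication.AbstractAuthenticationEvent;
import org.acegisecurity.event.authentication.AuthenticationFailureBadCredentialsEvent;
import org.acegisecurity.event.authentication.AuthenticationSuccessEvent;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;

// Hypothetical listener: counts failures in memory where the thread uses a database.
public class LoginAttemptListener implements ApplicationListener {

    private static final int MAX_ATTEMPTS = 5; // assumed value for "n"

    private final ConcurrentMap<String, AtomicInteger> failures =
            new ConcurrentHashMap<String, AtomicInteger>();

    public void onApplicationEvent(ApplicationEvent event) {
        if (!(event instanceof AbstractAuthenticationEvent)) {
            return; // not an authentication event
        }
        // This is the token submitted with the login attempt, not the anonymous
        // token held in SecurityContextHolder while the user is unauthenticated.
        String username =
                ((AbstractAuthenticationEvent) event).getAuthentication().getName();

        if (event instanceof AuthenticationFailureBadCredentialsEvent) {
            AtomicInteger fresh = new AtomicInteger(0);
            AtomicInteger count = failures.putIfAbsent(username, fresh);
            (count != null ? count : fresh).incrementAndGet();
        } else if (event instanceof AuthenticationSuccessEvent) {
            failures.remove(username); // reset the counter on a successful login
        }
    }

    // Hypothetical helper: call from loadUserByUsername() so that the returned
    // UserDetails can answer isAccountNonLocked() with false.
    public boolean isLocked(String username) {
        AtomicInteger count = failures.get(username);
        return count != null && count.get() >= MAX_ATTEMPTS;
    }
}
```

The map is keyed by whatever username was typed into the login form, including names that do not exist, so a persistent version should bound or expire entries.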
