HttpSessionListener issue when upgrading from 2.0.4 to 3.0.3
Hi all,
I have an HttpSessionListener implementation that used to work in version 2.0.4 and is not working in version 3.0.3.
The code with the issue is in sessionCreated(...):
Code:
public void sessionCreated(HttpSessionEvent se) {
    log.debug("Session Created ...");
    SecurityContext securityContext = SecurityContextHolder.getContext();
    if (securityContext != null) {
        log.debug("securityContext != null " + securityContext.getClass().getName());
        Authentication authentication = securityContext.getAuthentication();
        // Here I get null, while it worked in the old version
        if (authentication != null) {
            log.debug("authentication != null " + authentication.getClass().getName());
            Object principal = authentication.getPrincipal();
            if (principal != null) {
                log.debug("principal != null " + principal.getClass().getName());
                if (principal instanceof User) {
                    User user = (User) principal;
                    log.debug("User Exists!");
                    List<MenuItem> menuItems = MenuHelper.getMenuItemsForRole(user.getRolesAsString());
                    se.getSession().setAttribute(WebConstants.MENU_ITEMS, menuItems);
                }
            }
        } else {
            log.debug("authentication IS null");
        }
    }
}
The issue is that after login the Authentication is populated in the SecurityContext after the call of sessionCreated(...), and at the moment when I call it, it is null.
The log after login is:
Code:
DEBUG com.devbis.webapp.listener.SessionListener sessionCreated (43) - Session Created ...
DEBUG com.devbis.webapp.listener.SessionListener sessionCreated (48) - securityContext != null org.springframework.security.core.context.SecurityContextImpl
DEBUG com.devbis.webapp.listener.SessionListener sessionCreated (67) - authentication IS null
DEBUG org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy onAuthentication (94) - Started new session: F9C86192C58E2291B549ABF0A13F14C7
DEBUG org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter successfulAuthentication (289) - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@441d0230: Principal: com.devbis.model.User@261ac7...
Can I still use this approach to set a session attribute when I have a new session with a successful authentication in 3.0.3?
If not, what is the recommended approach in 3.0.3?
As a reference the security config is:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <http auto-config="true" lowercase-comparisons="false">
        <intercept-url pattern="/admin/*" access="ROLE_ADMIN"/>
        <intercept-url pattern="/passwordHint.html*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
        <intercept-url pattern="/signup.html*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
        <intercept-url pattern="/**/*.html*" access="ROLE_ADMIN,ROLE_USER"/>
        <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?error=true" login-processing-url="/j_security_check"/>
        <remember-me user-service-ref="userDao" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
    </http>

    <authentication-manager>
        <authentication-provider user-service-ref="userDao">
            <password-encoder ref="passwordEncoder"/>
        </authentication-provider>
    </authentication-manager>

    <global-method-security>
        <protect-pointcut expression="execution(* *..service.UserManager.getUsers(..))" access="ROLE_ADMIN"/>
        <protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))" access="ROLE_ADMIN"/>
    </global-method-security>
</beans:beans>
Thank you,
Darius
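
One way to set a session attribute after login while leaving session-fixation protection enabled, as an added example that is not part of the original post and not Spring Security's own code: an authentication success handler, which is invoked after the "Started new session" and "Updating SecurityContextHolder" steps seen in the log above. The class name and the `SessionInitializer` callback are hypothetical; the callback stands in for the application's own menu-loading code.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

/**
 * Added example (hypothetical class). By the time this handler is called, the
 * session-fixation strategy has already swapped the session and the
 * Authentication is set, so neither is null as it was in sessionCreated(...).
 * Wire it as a bean and reference it from
 * <form-login authentication-success-handler-ref="..."/>.
 */
public class SessionInitializingSuccessHandler
        extends SavedRequestAwareAuthenticationSuccessHandler {

    /** Hypothetical callback that holds the application's per-login session setup. */
    public interface SessionInitializer {
        void initialize(HttpSession session, Object principal);
    }

    private final SessionInitializer initializer;

    public SessionInitializingSuccessHandler(SessionInitializer initializer) {
        if (initializer == null) {
            throw new IllegalArgumentException("initializer is required");
        }
        this.initializer = initializer;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws ServletException, IOException {
        // The post-login session (new ID); created here only if none exists yet.
        HttpSession session = request.getSession();
        Object principal = authentication.getPrincipal();
        if (principal != null) {
            // For the post's case the callback would cast the principal to User and
            // store MenuHelper.getMenuItemsForRole(...) under WebConstants.MENU_ITEMS.
            initializer.initialize(session, principal);
        }
        // Keep the default redirect to the saved request or the default target URL.
        super.onAuthenticationSuccess(request, response, authentication);
    }
}
```

Logins restored by `<remember-me>` are handled by a separate filter and do not pass through the form-login success handler, so that path needs its own hook if the attribute must be present there too.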


