Why the type of auth.getPrincipal() is always String ?

[jameli]

Jame wrote:

>I use the acegi-security-0.6,but when I test the contact-cas,
>
>in the class SecureIndexController ,it always tell me the type of the auth.getPrincipal() is String !!
>
>how can I make it the type of UserDetails.
>
>hope your reply!
>
>thanks!
>
>
>
>
>
When using the CAS authentication provider, try
CasAuthenticationToken.getUserDetails().

Ben


I try it ,but it doesn't work.

Why?

thanks.

[Ben Alex]

If you're not using the CasAuthenticationProvider, I'm assuming you're using DaoAuthenticationProvider instead. If this is the case, ensure the DaoAuthenticationProvider.forcePrincipalAsString property is false. This will result in the Authentication objects it returns containing the UserDetails from Authentication.getPrincipal().

If you continue to have difficulties, please advise the AuthenticationProvider you are using and include the XML that defines that bean from your application context.

[jameli]

CasAuthenticationToken auth = (CasAuthenticationToken)secureContext.getAuthentic ation();

instead of

Authentication auth = secureContext.getAuthentication();

then I can get my UserDetails ;thanks for Ben!

but the type of auth.getPrincipal() is still String ,It appeas that I can only get the UserDetails by the method auth.getUserDetails()!

I just test contact-cas ,changed nothing in the applicationContext.xml and web.xml;

I have changed the forcePrincipalAsString = false .it doesn't work,so I am confused with the code:

if (auth.getPrincipal() instanceof UserDetails) {
.....
}

because the type of auth.getPrincipal() is always String!

hope your reply.

thank for your reply,you're so kind.

I like Spring ,I like acegi,both of them are so wonderful. 8)

[Ben Alex]

Each AuthenticationProvider has a specific way of returning the UserDetails.

For DaoAuthenticationProvider it will always return a UsernamePasswordAuthenticationToken, which returns the UserDetails via Authentication.getPrincipal() (assuming you haven't set forcePrincipalAsString to true).

For CasAuthenticationProvider it will always returns a CasAuthenticationToken, which returns the UserDetails via CasAuthenticationToken.getUserDetails().

The reason for the difference is CasAuthenticationToken.getPrincipal() needs to store a CAS-specific identifier.

HTH

[jameli]

I get it!

Thanks again,Ben.

[afida]

Ben,

I am using DaoAuthenticationProvider, and still getting same problem. Here is my bean def

Code:

  <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="forcePrincipalAsString"><value>false</value></property>  
    <property name="authenticationDao"><ref bean="authenticationDao"/></property>
</bean>

I was using my own implementation of AuthenticationDao, but i switched JdbcDaoImpl and still have the same problem.

Following are the two filters in web.xml

Code:

  <filter>
    <filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
    <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param>
      <param-name>targetClass</param-name>
      <param-value>net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter</param-value>
    </init-param>
  </filter>

  <filter>
    <filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>
    <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param>
      <param-name>targetClass</param-name>
      <param-value>net.sf.acegisecurity.ui.AutoIntegrationFilter</param-value>
    </init-param>
  </filter>

I have a rich client and using acegi-security-0.6.1.

Amad

[afida]

I have even tried with InMemoryDaoImpl,

Code:

   <bean id="authenticationDao" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
       <property name="userMap">
           <value>
               admin=admin,ROLE_ADMIN
           </value>
       </property>
   </bean>

and on rich-client side, secureContext.getAuthentication().getPrincipal() still result in username ?????

This is driving me nuts now! please help

Amad

[afida]

Any Idea .... someone (Ben) ????

[Ben Alex]

We've covered this on the acegisecurity-developers list. For the benefit of the forums, see http://www.mail-archive.com/acegisec.../msg00876.html.