Karel Miarka wrote:
Ben,
Another issue connected to logging. In my log file reappears Authentication success record with details: null. I think that for the first time a user logs in the details are filled by IP, but later on when the user expires from user cache and is obtained again from DAO this success event is triggered again with null details.
I think that if the above assumption is true we should add a condition "&& details != null" when triggering the event or at least to the LoggerListener to avoid writing it to the log.
What do you think? Karel
Hi Karel
Authentication.getDetails() is allowed under the interface contract to be null. So we can't decide for DaoAuthenticationProvider to not publish an event if it is simply null.
At present DaoAuthenticationProvider publishes AuthenticationSuccessEvent every time an authentication takes place where the cache was not used. Thanks to the AbstractIntegrationFilter.commitToContainer(ServletRequest, Authentication) method we have the HttpSession contain the final Authentication that exists on the ContextHolder at the end of a request. This is then placed back onto the ContextHolder and re-presented on subsequent requests. The DaoAuthenticationProvider builds a response Authentication token upon successful authentication in its createSuccessAuthentication(Object, Authentication, UserDetails) method. So all we need to do is ensure this latter method returns an Authentication which actually contains the original Authentication.getDetails().
I've just committed a change and unit test for DaoAuthenticationProvider that does the above.
Best regards Ben
------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
