Hi, I'm also trying to get Spring security to work on GAE. regarding your problem: 1. there is an issue with Spring Security 2.0.5 on GAE, you can find a fix here: http://www.google-app-engine.com/blog/post/Spring-security-fix-for-google-app-engine.aspx
2. I couldn't entirely substantiate it, but I read of a lot of problems deployed GAE has with AOP (as opposed to Google development environment on eclipse). maybe this has something to do with it as well. hope this helps a bit. On Dec 24, 10:46 pm, "sulaimanmra...@googlemail.com" <sulaimanmra...@googlemail.com> wrote: > Hi, > > I've created a GAE web application using Spring 3.0 and Spring > Security 2.0.5. > > After a little heartache and help from reading the posts on the forum, > I managed to get it all working locally, with users able to register, > validate their accounts via email and login in securely. > > When a user logs in, I wanted to make their details available across > the site. I did this by creating an Interceptor, responsible for > pulling the prinicipal from the Spring Security Authentication class > (retrieved from the SecurityContextHolder) and then placing the object > in the HttpServletRequest object. Below is a snippet of code from the > interceptor. > > public void postHandle( > HttpServletRequest request, > HttpServletResponse response, > Object handler, > ModelAndView modelAndView) { > > try { > Member member = securityContext.getMember(); > request.setAttribute("user", member); > > log.info("injecting user into request"); > > } catch(SecurityRuntimeException e) { > // do nothing - will be thrown if no user is logged in > } > } > > The user's information is wrapped in a 'Member' object, with the > securityContext responsible for retrieving it from the > SecurityContextHolder. > > Locally, on the GAE development environment, everything works fine! > The interceptor correctly places the principal in the request and my > JSP's can readily access it. However, when I deploy the application to > the app engine, it does not appear to work. The logs have not provided > any clue as to why the request does not appear to have the principal > in it. > > Is there any reason why the interceptor would not work on the app > engine? Or, is it ill-advised to add objects into the > HttpServletRequest? > > I'm tearing my hair out with why it's not working, and it's the only > thing within my application that isn't! So any help or advice offered > is much appreciated. I'm hoping to have my code up in the Google Code > repository so if anyone wants to have a look, they're more than > welcome. > > Thanks! > Sully -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.