[Acegisecurity-developer] retrieving users from session after authentication with acegi

[Marco Mistroni]

hello all,
  i want to use acegi security framework in my webapp
in my app, after user has logged in, i am storing it into HttpSession,
since i need the username for other part of my app that insert data
into db.
If i let acegi do the  authentication/authorization, how can i
retrieve the user after a successful authentication?
i can get the Authenticated object from ContextHolder, and from there
with getPrincipal i will get the username
but how can i get hold of ContextHOLDER? is it stored into HttpSession?

i plan to use Filters for integrating acegi with my app

anyone can help?

regards
  marco


---
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_idt12&alloc_id344&op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] retrieving users from session after authentication with acegi

[Ben Alex]

Marco Mistroni wrote:
hello all,
 i want to use acegi security framework in my webapp
in my app, after user has logged in, i am storing it into HttpSession,
since i need the username for other part of my app that insert data
into db.
If i let acegi do the  authentication/authorization, how can i
retrieve the user after a successful authentication?
i can get the Authenticated object from ContextHolder, and from there
with getPrincipal i will get the username
but how can i get hold of ContextHOLDER? is it stored into HttpSession?
i plan to use Filters for integrating acegi with my app
anyone can help?
 

If you use ContextHolder.getContext().getAuthentication() you will 
obtain the Authentication generated by your AuthenticationProvider. If 
using DaoAuthenticationProvider, the Authentication will actually 
provide a getPrincipal() method that will return the UserDetails 
instance that is provided by your AuthenticationDao. As such, you have 
an easy way to obtain a customisable user object without resorting to 
the HttpSession. In general, interacting with the HttpSession directly 
is considered poor practice. The HttpSessionContextIntegrationFilter is 
responsible for managing interaction between the ContextHolder and 
HttpSession, so it shouldn't be necessary for most application 
developers to worry about the HttpSession.

Cheers
Ben

---
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer