Geek Answers Handbook

Does Acegi / Spring support getUserPrincipal () security support?

I need to associate an existing application with Acegi / Spring security.

To get started, I'm looking for one simple information: in this context, is the HttpServletRequest.getUserPrincipal () called from my application correctly returning the username obtained using Spring (as opposed to using Spring - specific objects)? I have conflicting information on Google.

I assume that if Acegi is implemented with filters, it can overload the getUserPrincipal () servlet API, right?

Auxiliary question: if this is not the case by default, is there a way to enable it?

Thanks,

-Erik

+5
source share
3 answers

As the previous user said, spring security support getUserPrincipal and isUserInRole. Here's how spring works.

When configuring spring, it can load the following filters:

http://static.springframework.org/spring-security/site/reference/html/ns-config.html#filter-stack

As part of the standard filter configuration, a filter is loaded SecurityContextHolderAwareRequestFilter.

Exploring the filter @ https://fisheye.springsource.org/browse/spring-security/tags/spring-security-parent-2.0.4/core/src/main/java/org/springframework/security/wrapper/SecurityContextHolderAwareRequestFilter.java ? r = 2514

, HttpServletRequest SecurityContextHolderAwareRequestWrapper, HttpServletRequestWrapper, HttpServletRequest doFilter -. spring , SecurityContextHolderAwareRequestWrapper. JSP .

isUserInRole getUserPrincipal JSP, , HttpServletRequest spring .

+6

, , . , .

, , , Principal Spring org.springframework.security.Authentication, .

request.getUserPrincipal() request.isUserInRole() Spring, JSP.

+1

I really believe that Spring Security stores this information in a SecurityContext, not in a request. You can easily write a FilterSecurityInterceptor that you can configure to add this information to the request.

0
source

More articles:


All Articles