Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Accessing RequestContextHolder and HttpServletRequest.getUserPrincipal() from AuthenticationSuccessHandler

Tags:

authentication

spring-mvc

spring

spring-security

I have a Spring-MVC application (i.e. I am using the Spring's dispatcher servlet). I am also using Spring Security to authenticate users. Since I use the Spring's dispatcher servlet, I do NOT have to declare

  <listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
  </listener>

in my web.xml in order to be able to use RequestContextHolder (if I understand correctly the documentation).

My question refers to my implementation of the interface org.springframework.security.web.authentication.AuthenticationSuccessHandler:

public class AuthenticationSuccessHandlerImpl implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {

        int timeout = 60*60;

        //does work
        request.getSession().setMaxInactiveInterval(timeout); //60 minutes
        System.out.println("Session timeout of user: " + authentication.getName() + " has been set to: " + timeout + " seconds.");

        /*
        //does not work
        session().setMaxInactiveInterval(timeout); //60 minutes
        System.out.println("Session timeout of user: " + request.getUserPrincipal().getName() + " has been set to: " + timeout + " seconds.");
        */

        //now restore the default work flow (SavedRequestAwareAuthenticationSuccessHandler is the default AuthenticationSuccessHandler that Spring uses,
        // see: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/core-web-filters.html#form-login-flow-handling )
        (new SavedRequestAwareAuthenticationSuccessHandler()).onAuthenticationSuccess(request, response, authentication);
    }

    public static HttpSession session() {
        ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
        return attr.getRequest().getSession(true); // true == allow create
    }
}

Could you explain why in the above mentioned code, RequestContextHolder.currentRequestAttributes() and HttpServletRequest.getUserPrincipal() do not work (they do work inside a Controller)?

Thanks!

like image 363
rapt Avatar asked Sep 30 '11 02:09

rapt

1 Answers

Spring security is filter-based. That is why you need the RequestContextListener defined since the DispatcherServlet will not have been invoked yet when the spring-security stuff happens and the spring request context will not have been set up.

like image 159
pap Avatar answered Sep 30 '22 18:09

pap
Sign in to Comment

Related questions

Spring JDBC RowMapper with Class Hierarchies
JPA Multiple Persistence Unit bug
How do I retrieve default validation messages from Hibernate Validator?
Spring JDBC vs JDBC
How to set-up transactions for both web application and batch jobs using Spring and Hibernate
What's the default hibernate session control behavior in spring?
Where to store user uploads in spring mvc application?
How to propagate Spring transaction to another thread?
Hibernate, Spring, @Transactional - surround with try/catch?
Database-driven resource bundle in Spring
Doing context:component-scan programatic way?
Localizing Exception Messages using Spring
javax.validation does not exist [closed]
Using Spring from a custom logback appender?
Spring 3 (SWS2): difference between <context:component-scan> and <sws:annotation-driven>
Login loop with Spring Security requires-channel and Amazon Elastic Load Balancer
Anyone have a Spring AOP @DeclareParents example?
EhCache + hibernate
use existing domain classes with Spring Security plugin
Reflection + spring dependency injection

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!