Mantis - Resin
Viewing Issue Advanced Details
ID: Category: Severity: Reproducibility: Date Submitted: Last Update:
4185 minor always 08-23-10 09:54 01-20-11 16:52
Reporter: alex Platform:  
Assigned To: ferg OS:  
Priority: normal OS Version:  
Status: closed Product Version: 4.0.9  
Product Build: Resolution: no change required  
Projection: none      
ETA: none Fixed in Version: 4.0.15  
Summary: 0004185: Integration with SpringSecurity
Description: com.caucho.server.http.HttpServletRequestImpl.getUserPrincipal()

Is there some programmatic hook I can use to notify Resin of the successful user authentication event? We're using spring authentication with our own AuthenticationProvider. This functionality used to work, but we've re-worked some of the authentication code and upgraded from Resin3 -> Resin4 since then. I'm having trouble tracking down where the breakage is.


Checking the source, it looks as though the getUserPrincipal() only checks the request attributes for 'caucho.login', not the session attributes.
Is this expected behaviour, and if so how can I get the session attribute into the request attribute in order for it to be returned from getUserPrincipal().
Steps To Reproduce:
Additional Information:
Relationships
Attached Files:

Notes
(0004983)
ferg   
01-20-11 16:52   
server/1ag3

The Principal can be stored in the session as "caucho.user.principal" (com.caucho.security.Login.LOGIN_USER_PRINCIPAL)

session.setAttribute(Login.LOGIN_USER_PRINCIPAL, new BasicPrincipal("my-user"));

The actual code handling the session is in AbstractLogin because the Authenticator is now independent of the servlet spec and HTTP and servlet-specific handling is in the Login.