3


I have the following UserDetailsService implementation.
The authentication process is working great so far.
How do I store my "MyUser bean" (that logged in successfully) in the "session" so I can get access to it in other areas of my application?

Thanks.

@Transactional(readOnly = true)
public class CustomUserDetailsService implements UserDetailsService {


    private EmployeesApi employeesApi = new EmployeesApi();

    /**
     * Retrieves a user record containing the user's credentials and access. 
     */
    public UserDetails loadUserByUsername(String userName)
            throws UsernameNotFoundException, DataAccessException {

        // Declare a null Spring User
        UserDetails user = null;

        try {


            MyUser employee = employeesApi.getByUserName(userName);



            user =  new User(
                    employee.getUserName(), 
                    employee.getPassword().toLowerCase(),
                    true,
                    true,
                    true,
                    true,
                    getAuthorities(1) );

        } catch (Exception e) {
            logger.error("Error in retrieving user");
            throw new UsernameNotFoundException("Error in retrieving user");
        }

        // Return the populated Spring Security user
        return user;
    }
    ....
fatnjazzy

1 Answer

6

Spring Security already stores the UserDetails of the authenticated user in the session for you.

So, the easiest way to store MyUser in session is to implement a custom UserDetails that contains a reference to MyUser:

public class MyUserDetails extends User {
    private MyUser myUser;
    public MyUserDetails(..., MyUser myUser) {
        super(...);
        this.myUser = myUser;
    }
    public MyUser getMyUser() {
        return myUser;
    }
    ...
}

And return it from your UserDetailsService:

MyUser employee = employeesApi.getByUserName(userName);
user = new MyUserDetails(..., employee);

Then you can easily access MyUser via security context:

MyUser myUser = ((MyUserDetails) SecurityContextHolder
    .getContext().getAuthentication().getPrincipal()).getMyUser();

In Spring MVC controller:

@RequestMapping(...)
public ModelAndView someController(..., Authentication auth) {
    MyUser myUser = ((MyUserDetails) auth.getPrincipal()).getMyUser();
    ...
}

In JSP:

<security:authentication var = "myUser" property="principal.myUser" />
axtavt
  • Sorry, I don't understand, can you post a simple example? TX! – fatnjazzy Feb 06 '11 at 12:34
  • And, by the time that I am inside loadUserByUsername, I don't know yet if the login succeeded, so I can't decide whether to store it or not. TX! – fatnjazzy Feb 06 '11 at 12:41
  • 1
    @fatnjazzy: You don't need to store it manually. Spring Security will store `UserDetails` automatically after successful authentication. – axtavt Feb 06 '11 at 12:46
  • Thanks, that is working, but I have a question: storing the `MyUser myUser = ((MyUserDetails) auth.getPrincipal()).getMyUser();` in a static method will affect the entire application, what is the best way to allow other layers to have access to it? (I will click on the "V") – fatnjazzy Feb 06 '11 at 13:41
  • Forget about it, I got it from the `SecurityContextHolder.getContext().getAuthentication().getPrincipal()`. Thanks!!! – fatnjazzy Feb 06 '11 at 14:21
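
Added example, not part of the original question, answer or comments: one way to complete the `MyUserDetails` wrapper from the answer and read it from other layers without an unchecked cast, which fails for anonymous requests where the principal is a `String`. The `MyUser` fields, `clearPassword()` and the `CurrentUser` helper are assumptions made for illustration; it assumes Spring Security 3.1 or later (for `eraseCredentials`) and Java 8.

```java
import java.io.Serializable;
import java.util.Collection;
import java.util.Optional;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;

// Assumed minimal shape of the page's MyUser. It is Serializable because the
// principal is kept in the HTTP session together with the SecurityContext.
class MyUser implements Serializable {
    private final String userName;
    private String password;
    MyUser(String userName, String password) { this.userName = userName; this.password = password; }
    String getUserName() { return userName; }
    String getPassword() { return password; }
    void clearPassword() { password = null; } // hypothetical helper
}

class MyUserDetails extends User {
    private final MyUser myUser;

    MyUserDetails(MyUser myUser, Collection<? extends GrantedAuthority> authorities) {
        super(myUser.getUserName(), myUser.getPassword(), authorities);
        this.myUser = myUser;
    }

    MyUser getMyUser() { return myUser; }

    // Called by the authentication manager after a successful login when
    // credential erasure is enabled; also drop the copy held by MyUser so the
    // password is not kept in the session.
    @Override
    public void eraseCredentials() {
        super.eraseCredentials();
        myUser.clearPassword();
    }
}

// Hypothetical accessor for service and DAO layers.
final class CurrentUser {
    private CurrentUser() {}

    static Optional<MyUser> get() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) return Optional.empty();
        Object principal = auth.getPrincipal();
        // Check the type before casting: only logins served by the custom
        // UserDetailsService carry a MyUserDetails principal.
        return principal instanceof MyUserDetails
                ? Optional.of(((MyUserDetails) principal).getMyUser()) : Optional.empty();
    }
}
```

`SecurityContextHolder` uses a thread-local strategy by default, so `CurrentUser.get()` returns the user of the request being handled on the calling thread and an empty `Optional` on threads that have no security context.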