From 12fc73f046dd3dce22b6f663333b5b5676b63ecb Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Sat, 22 May 2010 14:31:28 +0100 Subject: [PATCH] Added faqs on accessing the HttpSession from a UDS andon the use of URLs with fragments. --- docs/faq/src/docbook/faq.xml | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/docs/faq/src/docbook/faq.xml b/docs/faq/src/docbook/faq.xml index e728c51581..a4d350c5b7 100644 --- a/docs/faq/src/docbook/faq.xml +++ b/docs/faq/src/docbook/faq.xml @@ -445,7 +445,16 @@ UserDetailsService which splits them up and loads the appropriate user data for authentication. - + + How do I apply different intercept-url constraints where only the + fragment value of the requested URLs differs (e.g. /foo#bar and /foo#blah? + + You can't do this, since the fragment is not transmitted from the browser to the server. The URLs above + are identical from the server's perspective. This is a common question from GWT users. + + + + How do I access the user's IP Address (or other web-request data) in a UserDetailsService? @@ -468,6 +477,20 @@ + + How do I access the HttpSession from a UserDetailsService? + You can't, since the UserDetailsService has no awareness of the + servlet API. If you want to store custom user data, then you should customize the UserDetails + object which is returned. This can then be accessed at any point, via the thread-local SecurityContextHolder. + A call to SecurityContextHolder.getContext().getAuthentication().getPrincipal() will return this custom + object. + + + If you really need to access the session, then it must be done by customizing the web tier. + + + + How do I define the secured URLs within an application dynamically?
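Review bot: In the first hunk (@@ -445,7 +445,16), the new question text opens a parenthesis at "(e.g. /foo#bar and /foo#blah?" and never closes it; it should read "(e.g. /foo#bar and /foo#blah)?". The answer also stops at "You can't do this", which leaves the reader without a direction, unlike the HttpSession entry added later in this patch. Consider adding one sentence saying that intercept-url constraints can only be applied to the requests the server actually receives, so any access decision that depends on the fragment has to be enforced on the server-side requests the client application makes.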
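Review bot: In the second hunk (@@ -468,6 +477,20), the sentence "This can then be accessed at any point, via the thread-local SecurityContextHolder" overstates what the call beneath it guarantees. SecurityContextHolder.getContext().getAuthentication() returns null when the current thread has no authenticated user, and for an anonymous authentication getPrincipal() returns a String rather than the custom UserDetails object, so copying the call chain as written invites a NullPointerException or ClassCastException. Suggest qualifying it as "at any point after the user has authenticated" and noting that the result needs a null check and a cast to the custom type. The closing sentence "it must be done by customizing the web tier" would also be more useful if it named a place where that customization goes.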