Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added faqs on accessing the HttpSession from a UDS andon the use of URLs with fragments.

This commit is contained in:
Luke Taylor 2010-05-22 14:31:28 +01:00
parent 0e57ce2dc3
commit 12fc73f046
1 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
docs/faq/src/docbook/faq.xml
View File

@ -445,7 +445,16 @@
<interfacename>UserDetailsService</interfacename> which splits them up <interfacename>UserDetailsService</interfacename> which splits them up
and loads the appropriate user data for authentication. </para></answer> and loads the appropriate user data for authentication. </para></answer>
</qandaentry> </qandaentry>
<qandaentry> <qandaentry xml:id="faq-matching-url-fragments">
<question><para>How do I apply different <literal>intercept-url</literal> constraints where only the
fragment value of the requested URLs differs (e.g. <literal>/foo#bar</literal> and <literal>/foo#blah</literal>?</para></question>
<answer>
<para>You can't do this, since the fragment is not transmitted from the browser to the server. The URLs above
are identical from the server's perspective. This is a common question from GWT users.</para>
</answer>
</qandaentry>
<qandaentry xml:id="faq-request-details-in-user-service">
<question><para>How do I access the user's IP Address (or other web-request data) in a <interfacename>UserDetailsService</interfacename>?</para></question> <question><para>How do I access the user's IP Address (or other web-request data) in a <interfacename>UserDetailsService</interfacename>?</para></question>
<answer> <answer>
<para> <para>
@ -468,6 +477,20 @@
</answer> </answer>
</qandaentry> </qandaentry>
<qandaentry xml:id="faq-access-session-from-user-service">
<question><para>How do I access the <interfacename>HttpSession</interfacename> from a <interfacename>UserDetailsService</interfacename>?</para></question>
<answer><para>You can't, since the <interfacename>UserDetailsService</interfacename> has no awareness of the
servlet API. If you want to store custom user data, then you should customize the <interfacename>UserDetails</interfacename>
object which is returned. This can then be accessed at any point, via the thread-local <classname>SecurityContextHolder</classname>.
A call to <literal>SecurityContextHolder.getContext().getAuthentication().getPrincipal()</literal> will return this custom
object.
</para>
<para>
If you really need to access the session, then it must be done by customizing the web tier.
</para>
</answer>
</qandaentry>
<qandaentry xml:id="faq-dynamic-url-metadata"> <qandaentry xml:id="faq-dynamic-url-metadata">
<question><para>How do I define the secured URLs within an application <question><para>How do I define the secured URLs within an application
dynamically?</para></question> dynamically?</para></question>