Added faqs on accessing the HttpSession from a UDS andon the use of URLs with fragments.

2010-05-22 14:31:28 +01:00 · 2010-05-22 14:31:28 +01:00 · 12fc73f046
parent 0e57ce2dc3
commit 12fc73f046
1 changed files with 24 additions and 1 deletions
--- a/docs/faq/src/docbook/faq.xml
+++ b/docs/faq/src/docbook/faq.xml
@ -445,7 +445,16 @@
                            <interfacename>UserDetailsService</interfacename> which splits them up
                        and loads the appropriate user data for authentication. </para></answer>
            </qandaentry>
-            <qandaentry>
+            <qandaentry xml:id="faq-matching-url-fragments">
+                <question><para>How do I apply different <literal>intercept-url</literal> constraints where only the
+                fragment value of the requested URLs differs (e.g. <literal>/foo#bar</literal> and <literal>/foo#blah</literal>?</para></question>
+                <answer>
+                    <para>You can't do this, since the fragment is not transmitted from the browser to the server. The URLs above
+                    are identical from the server's perspective. This is a common question from GWT users.</para>
+                </answer>
+            </qandaentry>
+            
+            <qandaentry xml:id="faq-request-details-in-user-service">
                <question><para>How do I access the user's IP Address (or other web-request data) in a <interfacename>UserDetailsService</interfacename>?</para></question>
                <answer>
                    <para>
@ -468,6 +477,20 @@
                </answer>
            </qandaentry>

+            <qandaentry xml:id="faq-access-session-from-user-service">
+                <question><para>How do I access the <interfacename>HttpSession</interfacename> from a <interfacename>UserDetailsService</interfacename>?</para></question>
+                <answer><para>You can't, since the <interfacename>UserDetailsService</interfacename> has no awareness of the
+                servlet API. If you want to store custom user data, then you should customize the <interfacename>UserDetails</interfacename>
+                    object which is returned. This can then be accessed at any point, via the thread-local <classname>SecurityContextHolder</classname>.
+                    A call to <literal>SecurityContextHolder.getContext().getAuthentication().getPrincipal()</literal> will return this custom 
+                    object.
+                </para>
+                <para>
+                    If you really need to access the session, then it must be done by customizing the web tier.
+                </para>
+                </answer>
+            </qandaentry>
+
            <qandaentry xml:id="faq-dynamic-url-metadata">
                <question><para>How do I define the secured URLs within an application
                        dynamically?</para></question>