You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@click.apache.org by C Jennings <co...@yahoo.com> on 2010/03/27 01:58:35 UTC

Spring Security and Apache Click - Obtaining username after login?

Hello -
I am having difficulty with getting a username's value after I authenticate with Spring Security and am forwarded to a success page, (showWelcome.htm below). Basically, all I am trying to do with a small prototype program is enter a user and password which is authenticated by Spring and then forwards the authenticated user to a Welcome page that says 'Welcome <username>'. However, the value of username is always NULL when I debug it.

I know my configuration is somewhat working because I get only get forwarded to the Welcome page if i enter the correct id and password (which is stored in a mySQL database and the ORM structure is using Cayenne). However, once I enter the correct username and password, I loose the ability to read the username when I am forward to the Welcome page. 

I have used the Spring Security Login example on http://www.avoka.com/click-examples/home.htm as the basis for my prototype project.
Unfortunately, however the login page doesn't really forward you anywhere. I cannot find any information in the Apache Click User Guide either...

Here is my Spring Security set up. If anyone has any suggestions on how I can maintain the session state when I enter the user name and password, I would greatly appreciate it.

Thank you,

Conor

Spring-Security.xml:

<context:component-scan base-package="clickExample" 
scope-resolver="org.apache.click.extras.spring.PageScopeResolver"/>

<http auto-config="true">
<form-login 
login-page="/login.htm" 
default-target-url="/showWelcome.htm" 
authentication-failure-url="/login.htm?auth-error=1"/>
<logout invalidate-session="true"  logout-url="/j_spring_security_logout" logout-success-url="/login.htm?loggedout=true"/>
</http>

<beans:bean id="authenticationManager" 
class="org.springframework.security.providers.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref local="daoAuthenticationProvider" />
</beans:list>
</beans:property>
</beans:bean>
  
  
<beans:bean id="daoAuthenticationProvider" 
class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService"/> </beans:bean>

<authentication-provider user-service-ref='userDetailsService'/>

<beans:bean id="userService"  class="service.UserService"/>

<beans:bean id="userDetailsService" class="security.UserDetailsService"/>
  
</beans:beans>

Re: Spring Security and Apache Click - Obtaining username after login?

Posted by Bob Schellink <sa...@gmail.com>.

Ah sorry, you're right, it is getContext().getRequest().getRemoteUser().

bob

On 27/03/2010 10:27 PM, C Jennings wrote:
> Hi Bob -
> Thank you very much for pointing me in the right direction. This is exactly what I was missing...how to connect Spring Security's authentication result with a Page class.
>
> In the end, I used the following approach, which is nearly identical to your suggestion. I couldn't get getContext().getRemoteUser() to work as my project didn't recognize the getContext method. I Googled it and it seemed to suggest I needed the servlet.jar in my classpath. That still didn't resolve the fact that it couldn't recognize getContext(). So I decided to browse through the Page API and found the slightly different approach as shown below in case it helps anyone else with a similiar issue. I used the getContext() from org.apache.Click.Page:
>
> @Component
> public class WelcomePage extends BorderPage {
>
> String loginName = getContext().getRequest().getRemoteUser();
>
> //Then used Apache Cayenne to bring back the details on the User object passing in loginName.
>
> Thanks again..
>
> Conor
>
>
>
> ----- Original Message ----
> From: Bob Schellink<sa...@gmail.com>
> To: user@click.apache.org
> Sent: Fri, March 26, 2010 9:30:22 PM
> Subject: Re: Spring Security and Apache Click - Obtaining username after login?
>
> Hi Conor,
>
> After you've logged on with Spring Security the username is available through the Servlet API:
>
> http://java.sun.com/products/servlet/2.3/javadoc/javax/servlet/http/HttpServletRequest.html#getRemoteUser()
>
> You wouldn't normally display the login name to the user, but rather lookup the user account and
> display the firstname.
>
> public class MyPage extends BorderPage {
>
>     public void onInit() {
>       String loginName = getContext().getRemoteUser();
>       Customer customer = getCustomerDao().getCustomerByLoginName(loginName);
>       addModel("name", customer.getFirstName());
>     }
> }
>
> mypage.htm
>
> Welcome $name
>
> Hope this helps.
>
> kind regards
>
> bob
>
> On 27/03/2010 11:58 AM, C Jennings wrote:
>> Hello -
>> I am having difficulty with getting a username's value after I authenticate with Spring Security and am forwarded to a success page, (showWelcome.htm below). Basically, all I am trying to do with a small prototype program is enter a user and password which is authenticated by Spring and then forwards the authenticated user to a Welcome page that says 'Welcome<username>'. However, the value of username is always NULL when I debug it.
>>
>> I know my configuration is somewhat working because I get only get forwarded to the Welcome page if i enter the correct id and password (which is stored in a mySQL database and the ORM structure is using Cayenne). However, once I enter the correct username and password, I loose the ability to read the username when I am forward to the Welcome page.
>>
>> I have used the Spring Security Login example on http://www.avoka.com/click-examples/home.htm as the basis for my prototype project.
>> Unfortunately, however the login page doesn't really forward you anywhere. I cannot find any information in the Apache Click User Guide either...
>>
>> Here is my Spring Security set up. If anyone has any suggestions on how I can maintain the session state when I enter the user name and password, I would greatly appreciate it.
>>
>> Thank you,
>>
>> Conor
>>
>> Spring-Security.xml:
>>
>> <context:component-scan base-package="clickExample"
>> scope-resolver="org.apache.click.extras.spring.PageScopeResolver"/>
>>
>> <http auto-config="true">
>> <form-login
>> login-page="/login.htm"
>> default-target-url="/showWelcome.htm"
>> authentication-failure-url="/login.htm?auth-error=1"/>
>> <logout invalidate-session="true"  logout-url="/j_spring_security_logout" logout-success-url="/login.htm?loggedout=true"/>
>> </http>
>>
>> <beans:bean id="authenticationManager"
>> class="org.springframework.security.providers.ProviderManager">
>> <beans:property name="providers">
>> <beans:list>
>> <beans:ref local="daoAuthenticationProvider" />
>> </beans:list>
>> </beans:property>
>> </beans:bean>
>>
>>
>> <beans:bean id="daoAuthenticationProvider"
>> class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
>> <beans:property name="userDetailsService" ref="userDetailsService"/>   </beans:bean>
>>
>> <authentication-provider user-service-ref='userDetailsService'/>
>>
>> <beans:bean id="userService"  class="service.UserService"/>
>>
>> <beans:bean id="userDetailsService" class="security.UserDetailsService"/>
>>
>> </beans:beans>
>>
>>
>>
>>
>
>
>
>

Re: Spring Security and Apache Click - Obtaining username after login?

Posted by C Jennings <co...@yahoo.com>.

Hi Bob -
Thank you very much for pointing me in the right direction. This is exactly what I was missing...how to connect Spring Security's authentication result with a Page class. 

In the end, I used the following approach, which is nearly identical to your suggestion. I couldn't get getContext().getRemoteUser() to work as my project didn't recognize the getContext method. I Googled it and it seemed to suggest I needed the servlet.jar in my classpath. That still didn't resolve the fact that it couldn't recognize getContext(). So I decided to browse through the Page API and found the slightly different approach as shown below in case it helps anyone else with a similiar issue. I used the getContext() from org.apache.Click.Page:

@Component
public class WelcomePage extends BorderPage {

String loginName = getContext().getRequest().getRemoteUser();

//Then used Apache Cayenne to bring back the details on the User object passing in loginName.

Thanks again..

Conor



----- Original Message ----
From: Bob Schellink <sa...@gmail.com>
To: user@click.apache.org
Sent: Fri, March 26, 2010 9:30:22 PM
Subject: Re: Spring Security and Apache Click - Obtaining username after login?

Hi Conor,

After you've logged on with Spring Security the username is available through the Servlet API:

http://java.sun.com/products/servlet/2.3/javadoc/javax/servlet/http/HttpServletRequest.html#getRemoteUser()

You wouldn't normally display the login name to the user, but rather lookup the user account and 
display the firstname.

public class MyPage extends BorderPage {

   public void onInit() {
     String loginName = getContext().getRemoteUser();
     Customer customer = getCustomerDao().getCustomerByLoginName(loginName);
     addModel("name", customer.getFirstName());
   }
}

mypage.htm

Welcome $name

Hope this helps.

kind regards

bob

On 27/03/2010 11:58 AM, C Jennings wrote:
> Hello -
> I am having difficulty with getting a username's value after I authenticate with Spring Security and am forwarded to a success page, (showWelcome.htm below). Basically, all I am trying to do with a small prototype program is enter a user and password which is authenticated by Spring and then forwards the authenticated user to a Welcome page that says 'Welcome<username>'. However, the value of username is always NULL when I debug it.
>
> I know my configuration is somewhat working because I get only get forwarded to the Welcome page if i enter the correct id and password (which is stored in a mySQL database and the ORM structure is using Cayenne). However, once I enter the correct username and password, I loose the ability to read the username when I am forward to the Welcome page.
>
> I have used the Spring Security Login example on http://www.avoka.com/click-examples/home.htm as the basis for my prototype project.
> Unfortunately, however the login page doesn't really forward you anywhere. I cannot find any information in the Apache Click User Guide either...
>
> Here is my Spring Security set up. If anyone has any suggestions on how I can maintain the session state when I enter the user name and password, I would greatly appreciate it.
>
> Thank you,
>
> Conor
>
> Spring-Security.xml:
>
> <context:component-scan base-package="clickExample"
> scope-resolver="org.apache.click.extras.spring.PageScopeResolver"/>
>
> <http auto-config="true">
> <form-login
> login-page="/login.htm"
> default-target-url="/showWelcome.htm"
> authentication-failure-url="/login.htm?auth-error=1"/>
> <logout invalidate-session="true"  logout-url="/j_spring_security_logout" logout-success-url="/login.htm?loggedout=true"/>
> </http>
>
> <beans:bean id="authenticationManager"
> class="org.springframework.security.providers.ProviderManager">
> <beans:property name="providers">
> <beans:list>
> <beans:ref local="daoAuthenticationProvider" />
> </beans:list>
> </beans:property>
> </beans:bean>
>
>
> <beans:bean id="daoAuthenticationProvider"
> class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
> <beans:property name="userDetailsService" ref="userDetailsService"/>  </beans:bean>
>
> <authentication-provider user-service-ref='userDetailsService'/>
>
> <beans:bean id="userService"  class="service.UserService"/>
>
> <beans:bean id="userDetailsService" class="security.UserDetailsService"/>
>
> </beans:beans>
>
>
>
>

Re: Spring Security and Apache Click - Obtaining username after login?

Posted by Bob Schellink <sa...@gmail.com>.

Hi Conor,

After you've logged on with Spring Security the username is available through the Servlet API:

http://java.sun.com/products/servlet/2.3/javadoc/javax/servlet/http/HttpServletRequest.html#getRemoteUser()

You wouldn't normally display the login name to the user, but rather lookup the user account and 
display the firstname.

public class MyPage extends BorderPage {

   public void onInit() {
     String loginName = getContext().getRemoteUser();
     Customer customer = getCustomerDao().getCustomerByLoginName(loginName);
     addModel("name", customer.getFirstName());
   }
}

mypage.htm

Welcome $name

Hope this helps.

kind regards

bob

On 27/03/2010 11:58 AM, C Jennings wrote:
> Hello -
> I am having difficulty with getting a username's value after I authenticate with Spring Security and am forwarded to a success page, (showWelcome.htm below). Basically, all I am trying to do with a small prototype program is enter a user and password which is authenticated by Spring and then forwards the authenticated user to a Welcome page that says 'Welcome<username>'. However, the value of username is always NULL when I debug it.
>
> I know my configuration is somewhat working because I get only get forwarded to the Welcome page if i enter the correct id and password (which is stored in a mySQL database and the ORM structure is using Cayenne). However, once I enter the correct username and password, I loose the ability to read the username when I am forward to the Welcome page.
>
> I have used the Spring Security Login example on http://www.avoka.com/click-examples/home.htm as the basis for my prototype project.
> Unfortunately, however the login page doesn't really forward you anywhere. I cannot find any information in the Apache Click User Guide either...
>
> Here is my Spring Security set up. If anyone has any suggestions on how I can maintain the session state when I enter the user name and password, I would greatly appreciate it.
>
> Thank you,
>
> Conor
>
> Spring-Security.xml:
>
> <context:component-scan base-package="clickExample"
> scope-resolver="org.apache.click.extras.spring.PageScopeResolver"/>
>
> <http auto-config="true">
> <form-login
> login-page="/login.htm"
> default-target-url="/showWelcome.htm"
> authentication-failure-url="/login.htm?auth-error=1"/>
> <logout invalidate-session="true"  logout-url="/j_spring_security_logout" logout-success-url="/login.htm?loggedout=true"/>
> </http>
>
> <beans:bean id="authenticationManager"
> class="org.springframework.security.providers.ProviderManager">
> <beans:property name="providers">
> <beans:list>
> <beans:ref local="daoAuthenticationProvider" />
> </beans:list>
> </beans:property>
> </beans:bean>
>
>
> <beans:bean id="daoAuthenticationProvider"
> class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
> <beans:property name="userDetailsService" ref="userDetailsService"/>  </beans:bean>
>
> <authentication-provider user-service-ref='userDetailsService'/>
>
> <beans:bean id="userService"  class="service.UserService"/>
>
> <beans:bean id="userDetailsService" class="security.UserDetailsService"/>
>
> </beans:beans>
>
>
>
>