New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to set current user in the context? #11
Comments
Due to a bug #12 the current version freaks out when Spring Security is used (unless you manually register the beans which largely defeats the purpose of the starter). With that, you should be able to use Spring Security as if SPQR wasn't there. The methods will be intercepted as expected. In addition, the new version will allow easy customization of the context. Currently customizing this is needlessly complicated. If you wish to implement your own authorization mechanism, the easiest way is to place the user in the context and implement a custom |
The way this will work in version 0.0.3 is:
The default factory produces a |
So.. interceptors cannot be used in 0.0.2 because we can't set current user object in the context? |
SPQR 0.9.9 and Spring Starter 0.0.3 are out, so you have everything in place now. See the instructions above on injecting custom global context. Use that to store a reference to the current user. E.g. // A simple POJO to store contextual stuff
public class CustomContext {
private final HttpServletRequest servletRequest;
private final User currentUser;
public CustomContext(HttpServletRequest servletRequest, User currentUser) {
this.servletRequest = servletRequest;
this.currentUser = currentUser;
}
public HttpServletRequest getServletRequest() {
return servletRequest;
}
public getCurrentUser() {
return currentUser;
}
}
// A custom global context factory bean
@Component
public class CustomGlobalContextFactory implements GlobalContextFactory {
@Override
public Object createGlobalContext(GlobalContextFactoryParams params) {
User currentUser = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
return new CustomContext(params.getHttpRequest(), currentUser);
}
} Then, you can always access the If you wish to make a custom authentication inceptor, see this test illustrating the usage. Still, if you're using Spring Security, not only that you don't need to do any of this, you also probably shouldn't... With #12 fixed, Spring Security should work as always, with no custom action needed. |
I couldn't figure out how to store currently authenticated user in the context so that I can use it for authorisation for example. And does this library provide any easy way to do authorisation?
The text was updated successfully, but these errors were encountered: