I have created a custom UserDetails implementation that contains my existing User object, as well as the user name, pass, ect. Is there any way that I can access that object using jstl <c:out ... />. ie. I would like to put a welcome message in the header of each page, the info is stored in the UserDetailsImpl.

Thanks,
Dan

You can access it via:

((SecureContext) ContextHolder.getContext()).getAuthentication().ge tPrincipal()

The getPrincipal() returns an Object. If you are running DaoAuthenticationProvider with forcePrincipalAsString = false (the default) you will be able to cast that Object to UserDetails. If you've set this property to true, it will be a String representation of the username.

Ben,

That is how I am accessing it from my controller. That is fine, but I was looking for a way to access the context from, for instance, a header file that gets included in every request. It is not a problem if that can't be done. I already created a filter that will add that to the request when the SecureContext exists, this way it is available to every request.

Dan

Hi Dan

Your approach would work as a general-purpose solution. Alternatively, you can always read it directly from the HttpSession attribute keyed against net.sf.acegisecurity.ui.webapp.HttpSessionIntegrat ionFilter.ACEGI_SECURITY_AUTHENTICATION_KEY if you're using the default HttpSession-based storage of the user credentials.

Generally it's a view-specific issue to expose the Authentication more easily. You could add it to the Model returned by your controller. Or use a taglib like net.sf.acegisecurity.taglibs.authz.AuthorizeTag. Or (as we do with FreeMarer) extend FreeMarkerView and add it in the protected void exposeHelpers(Map, HttpServletRequest) method so it's accessible to a FreeMarker macro.

Ben,

Thanks for you input. I think for right now, the filter will work fine. I am limiting what type of session attibutes the view can access, and I don't want to make every call the controller returns have to check for that info in the request. The filter seems like a viable solution.

Thanks again.
Dan

Although probably not recommended:

<c:out value="${sessionScope['ACEGI_SECURITY_AUTHENTICATION'].pr incipal.username}"/>

This worked for me.