Spring Security Integration

[halfbaked]

I think more elegant and robust integration between spring-security integration and the browserFilters could be a good. It would be for me at least. Allow me to share what I have so far.

I can obtain the principal user with the following code. It looks a little ugly, but it works - well for long-polling and sse anyway! It doesn't seem to work for web sockets.

events {
    'newTicket' browser:true, browserFilter: { message, request ->
          def HttpSessionSecurityContextRepository = org.springframework.security.web.context.HttpSessionSecurityContextRepository
         def securityContext = (org.springframework.security.core.context.SecurityContext)request.getSession().getAttribute (HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)
        def personId = securityContext?.authentication?.principal?.id   
    }
}

Stephane, I'm hoping you might have some tips / thoughts... :)

[smaldini]

sorry for the delay, this month is pretty packed ... For the moment I delay that to the events security integration which has to be targeted in the next platform core release.

[sbuettner]

Hi @halfbaked, have a look at this link. Maybe it helps your with your WS-Session-Issue: https://github.com/Atmosphere/atmosphere/wiki/Enabling-HttpSession-Support

[halfbaked]

that looks good for the websockets issue, though I have yet to try it. Gracias Senor!

[sbuettner]

No problem. If it works for you, it could be a nice enhancement for the plugin.

[aro1976]

@halfbaked @sbuettner did you make authorization work? I'm having the same problem here.

[sbuettner]

@aro1976 Have a look at my comment on issue #19 which involves a service that does authorization on a per-request base.

[laamlatay]

What is the status of this issue ? I am facing issues with spring security. I get the following error in my browser console. SSE failed. Downgrading to fallback transport and resending.