I am running a GWT application which maintains a user cache in the session object. I am using Spring Security 3.0.5.

The following is the code I am using to get the session object:

ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
HttpSession session = attr.getRequest().getSession(false);
if(session != null)
     return session;
else
     throw new IllegalStateException("Session Expired");

In hosted mode, i.e. the Jetty server, everything works fine and I am able to retrieve the session object, but in web mode, i.e. Tomcat 6, the session object is returned as null.

I am using the following entries in web.xml, which are required to run the above code:

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener>
<listener>
    <listener-class>
        org.springframework.web.context.request.RequestContextListener
    </listener-class>
</listener>

UPDATE

The following are the Spring Security settings I am using:

<http>
    <intercept-url pattern="/**Phoenix.html*" access="ROLE_ADMIN"/>
    <form-login authentication-failure-url="/login.html" default-target-url="/Phoenix.html?gwt.codesvr=127.0.0.1:9997" always-use-default-target="true"/>
    <remember-me/>
    <logout />
    <access-denied-handler error-page="/login.html"/>
    <session-management><concurrency-control/></session-management>
</http>

UPDATE

This is happening because in web mode, after login, SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString() returns "anonymousUser", while in hosted mode the same expression returns the login credentials of the logged-in user. The following are the URLs I am using:

hosted mode: http://127.0.0.1:8888/Phoenix.html?gwt.codesvr=127.0.0.1:9997

web mode: http://localhost:8185/PhoenixMCDemo/Phoenix.html;jsessionid=E56C80258410D102E6B51EFEE5AA0E91

exactly the same problem - kozla13

1 Answers