I have a problem where I can't seem to get my Spring MVC application to recognize a change in the user principal. The application I am using implements a preAuthentication mechanism for authentication. The problem occurs when a user logs into my authentication system, logs out, and then a new user logs back in. The custom authentication system seems to be working fine, meaning the problem must be with my Spring code.

Due to the PreAuthentication, I have implemented an AuthenticationUserDetailsService that overrides the loadUserDetails method to populate a custom UserDetails object. The Authentication token that is passed to this method contains the correct principal (which is why I know my authentication is working properly). However, in my first controller I get the user principal from the request and it still contains the old user. Any ideas as to what might be happening here? I've pasted relevant portions of my code below:

The AuthenticationUserDetailsService:

public class FstrfUserDetailsService implements AuthenticationUserDetailsService {
    public UserDetails loadUserDetails(Authentication token) throws UsernameNotFoundException {
        /*logging this username confirms that the token contains the correct user information*/
        String username = (String) token.getPrincipal();

        /***There is custom code here to populate a custom UserDetails object***/

        /*this object contains the new and correct user information*/
        return UserDetailsObject;
    }
}

The Controller:

@Controller
@SessionAttributes({"sequences", "sequenceAndModuleSelect", "breadcrumbs"})
public class SearchSequencesController {

    /*This is the first method to be called by this controller*/
    @RequestMapping("/search.htm")
    public String setupSearchCriteria(HttpServletRequest request, ModelMap model) {
        /*retrieve my custom UserDetails object from the Security Context and add the username to the model*/
        BurqUser user = (BurqUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        model.addAttribute("testUsername", user.getUsername());
        return "searchSequences";
    }
}

The "searchSequences" view jsp:

<%
/*print the username from the request as well as from the model. These all still contain the OLD user information for some reason*/
out.println("<p>User: " + request.getUserPrincipal().getName() + "</p>");
out.println("<p>Remote user: " + request.getRemoteUser() + "</p>");
%>

<c:out value="testing: ${testUsername}"/>
A: 

Have you been able to solve this problem? I'm facing the same problem at the moment.

Wins