cancel
Showing results for 
Search instead for 
Did you mean: 

ThreadLocal<String> authenticatedUserIdThreadLocal sometimes null

ahmed_mahfouz
Champ in-the-making
Champ in-the-making

I have implemented a small widget to allow the users to add comments to a task. I use AngularJS and I use activiti-reset and I pass the basic authentication hash as a http header. the problem that authenticatedUserIdThreadLocal.get() is inconsistent and it doesn't return always the authenticated and sometimes it returns null.

as you can see in the picture the user id is available and printed. but just in the middle there was no user id.

Any idea how to resolve such issue? I would really appreciate it.

4 REPLIES 4

gdharley
Elite Collaborator
Elite Collaborator

Have you tried simply using the authentication object?

SecurityContextHolder.getContext().getAuthentication().getPrincipal()

This should hold the user principal for any of your secure rest calls.

Greg

Actually I didn't do a custom implementation this is the existing implementation for AddCommentCmd in activiti-engine:

String userId = Authentication.getAuthenticatedUserId();
CommentEntity comment = new CommentEntity();
comment.setUserId(userId);
comment.setType( (type == null)? CommentEntity.TYPE_COMMENT : type );
comment.setTime(commandContext.getProcessEngineConfiguration().getClock().getCurrentTime());
comment.setTaskId(taskId);
comment.setProcessInstanceId(processInstanceId);
comment.setAction(Event.ACTION_ADD_COMMENT);

Also the issue that sometimes if other user just logged in  Authentication.getAuthenticatedUserId(); returns the other username instead of my username I am not sure how the threads are sharing the same value.

ahmed_mahfouz
Champ in-the-making
Champ in-the-making

I implemented a workaround by creating a filter to set the username every time I do a rest call to activiti-reset:

@Component
public class AuthenticationFilter implements Filter {

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
          HttpServletRequest request = (HttpServletRequest) req;
          String username=request.getUserPrincipal().getName();
          Authentication.setAuthenticatedUserId(username);
          chain.doFilter(req, res);
}

@Override
public void destroy() {
}

@Override
public void init(FilterConfig arg0) throws ServletException {
}

You really shouldnt have needed to implement a new filter.
Your own filter logic indicates the use principal is included in the request.

However, I'm glad you found a work around.

Greg

Getting started

Explore our Alfresco products with the links below. Use labels to filter content by product module.