ThreadLocal<String> authenticatedUserIdThreadLocal sometimes null

cancel
Showing results for 
Search instead for 
Did you mean: 
ahmed_mahfouz
Member II

ThreadLocal<String> authenticatedUserIdThreadLocal sometimes null

I have implemented a small widget to allow the users to add comments to a task. I use AngularJS and I use activiti-reset and I pass the basic authentication hash as a http header. the problem that authenticatedUserIdThreadLocal.get() is inconsistent and it doesn't return always the authenticated and sometimes it returns null.

as you can see in the picture the user id is available and printed. but just in the middle there was no user id.

Any idea how to resolve such issue? I would really appreciate it.

4 Replies
gdharley
Intermediate

Re: ThreadLocal<String> authenticatedUserIdThreadLocal sometimes null

Have you tried simply using the authentication object?

SecurityContextHolder.getContext().getAuthentication().getPrincipal()

This should hold the user principal for any of your secure rest calls.

Greg

ahmed_mahfouz
Member II

Re: ThreadLocal<String> authenticatedUserIdThreadLocal sometimes null

Actually I didn't do a custom implementation this is the existing implementation for AddCommentCmd in activiti-engine:

String userId = Authentication.getAuthenticatedUserId();
CommentEntity comment = new CommentEntity();
comment.setUserId(userId);
comment.setType( (type == null)? CommentEntity.TYPE_COMMENT : type );
comment.setTime(commandContext.getProcessEngineConfiguration().getClock().getCurrentTime());
comment.setTaskId(taskId);
comment.setProcessInstanceId(processInstanceId);
comment.setAction(Event.ACTION_ADD_COMMENT);

Also the issue that sometimes if other user just logged in  Authentication.getAuthenticatedUserId(); returns the other username instead of my username I am not sure how the threads are sharing the same value.

ahmed_mahfouz
Member II

Re: ThreadLocal<String> authenticatedUserIdThreadLocal sometimes null

I implemented a workaround by creating a filter to set the username every time I do a rest call to activiti-reset:

@Component
public class AuthenticationFilter implements Filter {

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
          HttpServletRequest request = (HttpServletRequest) req;
          String username=request.getUserPrincipal().getName();
          Authentication.setAuthenticatedUserId(username);
          chain.doFilter(req, res);
}

@Override
public void destroy() {
}

@Override
public void init(FilterConfig arg0) throws ServletException {
}

gdharley
Intermediate

Re: ThreadLocal<String> authenticatedUserIdThreadLocal sometimes null

You really shouldnt have needed to implement a new filter.
Your own filter logic indicates the use principal is included in the request.

However, I'm glad you found a work around.

Greg