CAS Server
  1. CAS Server
  2. CAS-1001

TicketOrCredentialPrincipalResolver results in ClassCastException when implementing own UserDetails implementation

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 3.4.8
    • Fix Version/s: 3.4.9
    • Component/s: Infrastructure
    • Labels:
      None

      Description

      The method

      protected String resolveFromInternal(final JoinPoint joinPoint)

      should be casting the authentication.getPrincipal() to a UserDetails object instead of a User object.
      Original code:

      return ((User) authentication.getPrincipal()).getUsername();
      

      Change request:

      return ((UserDetails) authentication.getPrincipal()).getUsername();
      

        Activity

        Hide
        Scott Battaglia added a comment -

        I'm not sure I follow. We don't use UserDetails in the CAS server code base. User and UserDetails are Spring Security concepts.

        Show
        Scott Battaglia added a comment - I'm not sure I follow. We don't use UserDetails in the CAS server code base. User and UserDetails are Spring Security concepts.
        Hide
        Scott Belnap added a comment -

        Patch file

        Show
        Scott Belnap added a comment - Patch file
        Hide
        Scott Battaglia added a comment -

        I'll see if I can investigate and slip this in. 3.4.9 is out pretty soon.

        Show
        Scott Battaglia added a comment - I'll see if I can investigate and slip this in. 3.4.9 is out pretty soon.
        Hide
        Scott Belnap added a comment -

        org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver.resolveFromInternal uses some spring security code to try and resolve the principal. I believe TicketOrCredentialPrincipalResolver should be using the UserDetails to get the username and not the User implementation of UserDetails.

        Show
        Scott Belnap added a comment - org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver.resolveFromInternal uses some spring security code to try and resolve the principal. I believe TicketOrCredentialPrincipalResolver should be using the UserDetails to get the username and not the User implementation of UserDetails.

          People

          • Assignee:
            Scott Battaglia
            Reporter:
            Scott Belnap
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: