programatically login to spring security

Hi
the "@PreAuthorize("isAuthenticated()")" not really working.

I login like this:

Code:

List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); authorities.add(new GrantedAuthorityImpl("ROLE_USER")); Authentication auth = new UsernamePasswordAuthenticationToken(username, password, authorities); SecurityContext securityContext = SecurityContextHolder.getContext(); securityContext.setAuthentication(auth); // Create a new session and add the security context. request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, securityContext);

spring-security.xml:

Code:

<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schem...-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <http use-expressions="true"> <form-login login-page="/index.htm" /> <logout logout-url="/logout.htm" /> </http> <global-method-security pre-post-annotations="enabled"> </global-method-security> <authentication-manager alias="authenticationManager" /> </beans:beans>

Please help
thanks
from Peter (cmk128@hotmail.com)

Quote:

Originally Posted by mcheung63

Hi
the "@PreAuthorize("isAuthenticated()")" not really working.

This doesn't tell us much. How is it not working? What is the tag on? How are you creating the object that use @PreAuthorize?

PS: In the future please use code tags for anything that requires formatting (i.e. code, config, logs, etc)

Hi
Without login, i still able to jump into the controller, in the jsp can i dump out the role, so i am sure i haven't login yet.

See if this helps http://static.springsource.org/sprin...in-web-context