how to save user information in session after registration?
greeting all.
Please help me, i will appreciate any answer.
i have a simple web application that within i use than spring security with spring mvc.
i read some articles and i can setup a simple and no complex web application.
im customizing loginpage and change some of dafault behavior of spring security like as changin
action url or j_username , j_password fields.
and its a snipped of my applicationContext-security.xml code
ok every things work fine and ther is no problem until i logining to system and logout.Code:<context:component-scan base-package="com.tosan.statisticapplication"/> <http entry-point-ref="loginUrlAuthenticationEntryPoint" use-expressions="true"> <!--suppress SpringModelInspection --> <custom-filter position="FORM_LOGIN_FILTER" ref="loginFilter"/> <intercept-url pattern="/WEB-INF/pages/login.jsp" access="permitAll"/> <intercept-url pattern="/login/failure.html" access="permitAll"/> <intercept-url pattern="/loginFailure.html" access="permitAll"/> <intercept-url pattern="/styles/**" access="permitAll"/> <intercept-url pattern="/images/**" access="permitAll"/> <intercept-url pattern="/userPage.html" access="permitAll"/> <intercept-url pattern="/index.html" access="permitAll"/> <intercept-url pattern="/register.html" access="permitAll"/> <intercept-url pattern="/authenticateUser.html" access="permitAll"/> <intercept-url pattern="/registeringUser.html" access="permitAll"/> <intercept-url pattern="/login.html" access="permitAll"/> <intercept-url pattern="/favicon.ico" access="permitAll"/> <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/> <logout invalidate-session="true" logout-url="/logout" logout-success-url="/login.html"/> </http> <beans:bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> <beans:property name="loginFormUrl" value="/login.html"/> </beans:bean> <beans:bean id="loginFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> <beans:property name="sessionAuthenticationStrategy" ref="sas"/> <beans:property name="usernameParameter" value="userName"/> <beans:property name="passwordParameter" value="password"/> <beans:property name="filterProcessesUrl" value="/authenticateUser"/> <beans:property name="authenticationManager" ref="authenticationManager"/> <beans:property name="authenticationSuccessHandler" ref="successHandlerBean"/> <beans:property name="authenticationFailureHandler" ref="failureHandlerBean"/> </beans:bean> <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"> <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry"/> <beans:property name="maximumSessions" value="1"/> </beans:bean> <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/> <authentication-manager alias="authenticationManager"> <authentication-provider ref="dbAuthenticationProvider"> <jdbc-user-service data-source-ref="dataSource"/> </authentication-provider> </authentication-manager> <beans:bean id="successHandlerBean" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"> <beans:property name="defaultTargetUrl" value="/userPage.html"/> </beans:bean> <beans:bean id="failureHandlerBean" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> <beans:property name="defaultFailureUrl" value="/loginFailure.html"/> </beans:bean> <beans:bean id="dbAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> <beans:property name="userDetailsService" ref="userAuthenticationService"/> </beans:bean> <beans:bean class="com.tosan.statisticapplication.service.user.UserAuthenticationService" id="userAuthenticationService"> <beans:property name="dataSource" ref="dataSource"/> </beans:bean>
bu i have a question at this point when a user want to register i think i must redirecting user to
/authenticateUser after validating username and password and from one way registering userinformation in session,
exactly like as when user logining to system.
so i do this in this way :
but i think this is not proper method.Code:@RequestMapping(value = "registeringUser", method = RequestMethod.POST) public ModelAndView doUserRegistration(UserInformationPasswordConfirmation userInformationPasswordConfirmation, BindingResult bindingResult) { registrationValidation.validate(userInformationPasswordConfirmation, bindingResult); if (bindingResult.hasErrors()) { return new ModelAndView("userRegistration", "userInformationPasswordConfirmation", userInformationPasswordConfirmation); } else { userService.saveUser(userInformationPasswordConfirmation.getUserInformation()); return new ModelAndView("redirect:authenticateUser.html?userName="+userInformationPasswordConfirmation .getUserInformation().getUserName()+"&password="+userInformationPasswordConfirmation .getUserInformation().getPassword(), "userInformation", userInformationPasswordConfirmation.getUserInformation()); } }
is there any better solution?
how can i redirect to a method with "POST" method type?
its my class that load my user from db for extra information:
Code:public class UserAuthenticationService extends JdbcDaoImpl { @Autowired UserService userService; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { UserDetails userDetails = userService.loadUserByUserName(username); if (userDetails != null) { return userDetails; } else { throw new UsernameNotFoundException("Username Not Found"); } } }
Reply With Quote