I must be doing something wrong here, and I am tearing my hair out. Can someone help me, please?
I need to create a stateless web app to be deployed in a round-robin cluster. I need remember-me authentication, and I need to be able to log a user in programmatically when they register on the site (a form POST). So I do all this, and, following the advice in other threads on this forum, I log in by creating a new Authentication and authenticating programmatically (I believe):
Code:
// Imports assume the Spring Security 3.x package layout
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

// Load the user so the token can carry its authorities
UserDetails details = myUserDetailsService.loadUserByUsername(username);
// Three-arg constructor: the token is created already marked as authenticated, carrying the loaded authorities
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password, details.getAuthorities());
logger.debug("Attempting authentication");
// Run the token through the configured providers (password check, account status, etc.)
Authentication authentication = authManager.authenticate(token);
logger.debug("Logging in with {}", authentication.getPrincipal());
// Store the result in the holder; this is per-thread and lives only for the current request
SecurityContextHolder.getContext().setAuthentication(authentication);
This all works OK. Now, when I return to the controller code for the form and do a redirect to the next (secured) page, I am presented with the login form. Stepping through the code and noting that the SecurityContextHolder is cleared on redirect, I am presented with my login form; the redirect doesn't seem to go through the SecurityFilterChain.
What I want to happen is that the user is taken straight to the next page without a login prompt. Is this not possible after a POST submission?
- I tried with a forward instead, and things work as expected up until the next POST from any subsequent form.
- I also tried creating a RememberMeAuthenticationToken in the same way as the UsernamePasswordAuthenticationToken, but got an exception about something (can't remember what, but it wasn't encouraging).
- So now I'm stuck. Is it just not possible? Is it because I'm running stateless? Has remember-me got something to do with it? Can I re-establish the authentication somehow on redirect (my preference, if possible)?
Please help before I have to go back to the boss man and say "it can't be done"!!
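The following is an added example, not code from the post above. It shows the piece a programmatic login needs in a stateless deployment: SecurityContextHolder is a ThreadLocal that the filter chain clears when the POST finishes, and with no HttpSession nothing persists the context, so the redirected GET arrives anonymous. The only state that follows the browser to the next request is a cookie, so the login has to call RememberMeServices.loginSuccess exactly as a successful form login does; RememberMeAuthenticationFilter then re-authenticates the redirected request from that cookie. The class name ProgrammaticLogin, the constructor-injected beans and the javax.servlet / Spring Security 3.x package names are assumptions for the example.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.RememberMeServices;

/**
 * Programmatic login that survives a redirect when no HttpSession is used.
 *
 * Assumed wiring (example, not from the post): the same AuthenticationManager the
 * form login uses, and the RememberMeServices bean that is also configured on
 * RememberMeAuthenticationFilter, so both sides share the same key.
 */
public class ProgrammaticLogin {

    private final AuthenticationManager authManager;
    private final RememberMeServices rememberMeServices;

    public ProgrammaticLogin(AuthenticationManager authManager,
                             RememberMeServices rememberMeServices) {
        this.authManager = authManager;
        this.rememberMeServices = rememberMeServices;
    }

    /**
     * Authenticates the freshly registered user and issues the remember-me cookie.
     * Returns the resulting Authentication; throws if the credentials are rejected.
     */
    public Authentication login(String username, String password,
                                HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        // Two-arg constructor: the token is NOT yet authenticated and carries no
        // authorities. The providers decide both; do not pre-load authorities here.
        UsernamePasswordAuthenticationToken token =
                new UsernamePasswordAuthenticationToken(username, password);

        Authentication authentication;
        try {
            authentication = authManager.authenticate(token);
        } catch (AuthenticationException e) {
            // Mirror what the form-login filter does on failure: cancel any cookie.
            rememberMeServices.loginFail(request, response);
            throw e;
        }

        // Valid for the remainder of THIS request only. The holder is a ThreadLocal and
        // the filter chain clears it when the response is committed; with no session
        // there is nothing to restore it from on the next request.
        SecurityContextHolder.getContext().setAuthentication(authentication);

        // The step a programmatic login usually forgets: write the remember-me cookie.
        // On the redirected GET, RememberMeAuthenticationFilter reads it, builds a
        // RememberMeAuthenticationToken and authenticates it with the manager, so the
        // secured page is reached without the login form.
        //
        // Note: TokenBasedRememberMeServices only sets the cookie when the configured
        // remember-me request parameter is present (or alwaysRemember is set), so the
        // registration form must submit that parameter.
        rememberMeServices.loginSuccess(request, response, authentication);

        return authentication;
    }
}
```

Two things to check in the wiring. The key passed to the RememberMeServices bean must be the same one configured on RememberMeAuthenticationProvider, otherwise the cookie is rejected on the next request. For a round-robin cluster, TokenBasedRememberMeServices needs no shared state beyond that key, because the cookie is self-contained and signed with it; PersistentTokenBasedRememberMeServices, by contrast, needs a PersistentTokenRepository (for example JdbcTokenRepositoryImpl) that every node can reach, or the node that receives the redirect will not find the token the registering node stored.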