programmatically login

**17dufa** · Jul 17th, 2012, 04:13 PM

hello,
I have 'special url' allowed for IS_AUTHENTICATED_ANONYMOUSLY and scenario:
1. browser sends request to this url
2. in server logic I decide what authority will be work then and login it
3. browser gets page and user starts work with system as authority from 2.
my code is:

Code:

  private def loginUser(username) {
    UserDetails userDetails = userDetailsService.loadUserByUsername(username);
    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(
        userDetails, userDetails.getPassword(), userDetails.getAuthorities()));
    }

it works inside one request. when user tries to open some server urls from page he gets login page as unauthorized person.

**arthomps** · Jul 17th, 2012, 05:12 PM

Originally Posted by 17dufa

hello,
I have 'special url' allowed for IS_AUTHENTICATED_ANONYMOUSLY and scenario:
1. browser sends request by this url
2. in server logic I decide what authority will be work then and login it
3. browser gets page and user starts work with system as authority from 2.
my code is:

Code:

  private def loginUser(username) {
    UserDetails userDetails = userDetailsService.loadUserByUsername(username);
    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(
        userDetails, userDetails.getPassword(), userDetails.getAuthorities()));
    }

it works inside one request. when user tries to open some server urls from page he gets login page as unauthorized person.

Have you taken a look at http://static.springsource.org/sprin...serFilter.html ?

This seems a safer way to be able to switch roles during runtime. And if not, a decent starting point for how to implement what you're proposing.

Thread: programmatically login

Thread Tools

Display

programmatically login

Posting Permissions