Automatically logging in a user

[bmgreeley]

Hey everyone,

In my application, I need to automatically login a user after they have registered. I also need to redirect them to a dynamic URL (making defaultTargetUrl specified in the AuthenticationProcessingFilter bean definition a bit obsolete). I've seen numerous ways to do this in the forums:

* Just hit the filterProcessesUrl and let the filters do their work (not sure how to work in a dynamic URL here)
* Calling attemptAuthentication on AuthenticationProcessingFilter (would I be missing any functionality that comes with the HttpSessionContextIntegrationFilter?)
* Move some authentication code to a service

My main goal is to centralize the authentication behavior in my application and avoid adding redundant or potentially buggy security code. Are any of these methods better than the others? Any of these methods more frequently used than others?

Thanks in advance,
Brandon

[jdepaul]

In my application, I need to automatically login a user after they have registered. I also need to redirect them to a dynamic URL (making defaultTargetUrl specified in the AuthenticationProcessingFilter bean definition a bit obsolete).

Consider overriding TargetUrlResolver class which by default is TargetUrlResolverImpl - see AbstractProcessingFilter.java class - you can override the behavior to your liking and then register this resolver in your custom filter. As long as your custom filter inherits from AbstractProcessingFilter this should work.