Results 1 to 5 of 5

Thread: Automatic Authentication AFTER Registration in Controller

  1. Oct 15th, 2010, 07:35 PM #1
    scottland
    scottland is offline Junior Member
    Join Date
    Oct 2007
    Posts
    22

    Default Automatic Authentication AFTER Registration in Controller

    What is the best way to Authenticate a user from inside a Registration controller so they don't have to log in after they register?

    I do not want to do this in a filter because I want so use a Spring Controller for validation of the registration fields.

    I tried:
    SecurityContextHolder.getContext().setAuthenticati on(new UsernamePasswordAuthenticationToken("name", "password", authorities));

    as specified here:
    http://forum.springsource.org/showthread.php?t=28165

    but as the last message in the thread states, it authenticates the request, but not the session. The next page the user hits, they are no longer authenticated.

    Is there some easy way to manually update the session?
    Reply With Quote Reply With Quote
  2. Oct 17th, 2010, 08:13 PM #2
    Rob Winch
    Rob Winch is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Posts
    1,834

    Default

    Do you have the SecurityContextPersistenceFilter properly setup?
    Rob Winch
    Twitter @rob_winch
    Spring Security Lead
    Spring by Pivotal
    Reply With Quote Reply With Quote
  3. Oct 18th, 2010, 07:20 PM #3
    scottland
    scottland is offline Junior Member
    Join Date
    Oct 2007
    Posts
    22

    Default How to set up a Spring Filter during the response

    I am assuming so. I have auto-config enabled.

    <http auto-config="true" use-expressions="true">
    <form-login login-processing-url="/j_spring_security_check" />
    </http>
    Last edited by scottland; Oct 20th, 2010 at 06:51 PM.
    Reply With Quote Reply With Quote
  4. Oct 18th, 2010, 08:51 PM #4
    Rob Winch
    Rob Winch is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Posts
    1,834

    Default

    The filter saves the value after the filterchain has completed, so as long as it is ran for the request it should work. Is the filter being invoked for that request? Specifically do not have filters="none" and you ensure that the Spring Security Filter mapping is /*.
    Rob Winch
    Twitter @rob_winch
    Spring Security Lead
    Spring by Pivotal
    Reply With Quote Reply With Quote
  5. Oct 20th, 2010, 06:19 PM #5
    scottland
    scottland is offline Junior Member
    Join Date
    Oct 2007
    Posts
    22

    Default Need to use a ProviderManager to get it to work

    This works:

    ProviderManager authenticationManager = (ProviderManager)WebApplicationContextUtils.getWeb ApplicationContext(context).getBean("authenticatio nManager");
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.username, user.password, [new GrantedAuthorityImpl("ROLE_USER")]);
    token.setDetails(new WebAuthenticationDetails(request));
    Authentication authentication = authenticationManager.authenticate(token);
    SecurityContextHolder.getContext().setAuthenticati on(authentication);


    This does not:

    SecurityContextHolder.getContext().setAuthenticati on(new UsernamePasswordAuthenticationToken(user.username, user.password, [new GrantedAuthorityImpl("ROLE_USER")]));

    I am not 100% clear why I have to use an authenticationManager to get it to work.
    Last edited by scottland; Oct 20th, 2010 at 06:51 PM.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules