  • Stateless programmatic login on POST

    I must be doing something wrong here while I tear my hair out - can someone help me please?

    I need to create a stateless web app to be deployed in a round-robin cluster. I need rememberme authentication, and I need to be able to login a user programmatically when they register on the site - a form POST. So I do all this, and following other threads' advice in this forum I login creating a new Authentication and programmatically login (I believe)

    UserDetails details = myUserDetailsService.loadUserByUsername(username);
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password, details.getAuthorities());
    logger.debug("Attempting authentication");
    Authentication authentication = authManager.authenticate(token);
    logger.debug("Logging in with {}", authentication.getPrincipal());

    This all works OK. Now when I return to the controller code for the form, and do a redirect to the next page (secured) I am presented with the login form. Stepping through the code and now noting the SecurityContextHolder is cleared on redirect I am presented with my login form - the redirect doesn't go through the SecurityFilterChain it would seem.

    What I want to happen is that the user is taken straight to the next page without login prompt. Is this not possible after a POST submission?
    • I tried with a forward instead and things work as expected, up until the next POST from any subsequent form.
    • I tried also creating a rememberMeAuthenticationToken in the same way as UsernamePasswordAuthenticationToken but got an exception about something (can't remember what but it wasn't encouraging)
    • So now, I'm stuck - is it just not possible? Is it because I'm running stateless? Has rememberMe got something to do with it? Can I re-establish the authentication somehow on redirect (my preference if possible).

    Please help before I have to go back to the boss man and say "it can't be done" !!

  • #2
    I'll answer my own question - yes, I needed to use RememberMeServices.loginSuccess, and to use it with the encoded password retrieved from the User in the UserDetails service. It then sets a new rememberMeToken, and when the redirect happens, it is invoked again and the compare works against the User object again retrieved from the UserDetails service.
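
Added example, not part of either post and not Spring Security's own code: a plain-Java model of a hash-based remember-me cookie (username, expiry, and a digest over username, expiry, stored password and a server key), showing why the cookie issued at registration must be signed with the encoded password for the compare on the redirected request to succeed. It assumes the thread used the hash-based remember-me implementation; the class name, key, sample user, stored password value and the choice of SHA-256 are all constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class RememberMeTokenDemo {
    // Constructed sample values (not from the thread).
    static final String KEY = "key-shared-by-all-nodes";
    static final String STORED = "$2a$10$constructed.encoded.password"; // UserDetails.getPassword()

    static String digestHex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : d) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Registration POST: build the cookie value for the new user.
    static String issue(String user, long expiry, String password) throws Exception {
        String sig = digestHex(user + ":" + expiry + ":" + password + ":" + KEY);
        String raw = user + ":" + expiry + ":" + sig;
        return Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    // Redirected GET, possibly on another node: no session, only the cookie.
    static boolean validate(String cookie, long now) throws Exception {
        String[] p;
        long expiry;
        try {
            p = new String(Base64.getDecoder().decode(cookie), StandardCharsets.UTF_8).split(":");
            if (p.length != 3) return false;   // sketch assumes no ':' in usernames
            expiry = Long.parseLong(p[1]);
        } catch (IllegalArgumentException e) { // bad Base64 or non-numeric expiry
            return false;
        }
        if (expiry < now) return false;
        // Recompute from the stored (encoded) password, as reloaded from the user store.
        String expected = digestHex(p[0] + ":" + expiry + ":" + STORED + ":" + KEY);
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     p[2].getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis(), expiry = now + 14L * 24 * 3600 * 1000;
        // Signed with the raw form password: rejected on the next request.
        System.out.println(validate(issue("alice", expiry, "s3cret-from-form"), now));
        // Signed with the encoded password from UserDetails: accepted.
        System.out.println(validate(issue("alice", expiry, STORED), now));
        // Expired cookie: rejected even with the right password.
        System.out.println(validate(issue("alice", now - 1, STORED), now));
    }
}
```

Because validation needs only the cookie, the user store and the key, any node in the round-robin cluster can accept the redirected request, provided every node is configured with the same key.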