Announcement Announcement Module
No announcement yet.
Auto Login Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Auto Login

    I have an Off The Shelf product that uses Spring Security (2.0 now moving to 3.0). This product requires that I have a user authenticated via Spring Security to work correctly. But my client doesn't want users to have to login.

    I'm trying to figure out how to get Spring Security to automatically login anyone with a specific user. I can hard code that user/password in the spring security but I can't figure out where to put the code to authenticate a user without the user getting a login page.

    Does anyone know what the correct approach is to accomplishing this?

  • #2
    If your client doesn't want the users having to login, then there's no real point to using Spring Security. If you don't want to strip out all of the already built security, then you could presumably have a an <intercept-url> like the following, and no others.

    <intercept-url pattern="/**" filters="none"/>

    This would work ok if the app only uses intercept-url to secure resources. You may run into issues though if security has been applied at the class level, method level or even in the views (JSP) themselves.


    • #3
      The client doesn't want users to login but the application does expect Spring Security. It uses the user service to get user information and all components in the application are tied to the user from the user service.

      So I have to keep spring security and have a user authenticate for the application to work even though I want the authentication to happen behind the scenes.


      • #4
        Have a look at and see if that might help you.