Announcement Announcement Module
No announcement yet.
Automatic Authentication AFTER Registration in Controller Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Automatic Authentication AFTER Registration in Controller

    What is the best way to Authenticate a user from inside a Registration controller so they don't have to log in after they register?

    I do not want to do this in a filter because I want so use a Spring Controller for validation of the registration fields.

    I tried:
    SecurityContextHolder.getContext().setAuthenticati on(new UsernamePasswordAuthenticationToken("name", "password", authorities));

    as specified here:

    but as the last message in the thread states, it authenticates the request, but not the session. The next page the user hits, they are no longer authenticated.

    Is there some easy way to manually update the session?

  • #2
    Do you have the SecurityContextPersistenceFilter properly setup?


    • #3
      How to set up a Spring Filter during the response

      I am assuming so. I have auto-config enabled.

      <http auto-config="true" use-expressions="true">
      <form-login login-processing-url="/j_spring_security_check" />
      Last edited by scottland; Oct 20th, 2010, 06:51 PM.


      • #4
        The filter saves the value after the filterchain has completed, so as long as it is ran for the request it should work. Is the filter being invoked for that request? Specifically do not have filters="none" and you ensure that the Spring Security Filter mapping is /*.


        • #5
          Need to use a ProviderManager to get it to work

          This works:

          ProviderManager authenticationManager = (ProviderManager)WebApplicationContextUtils.getWeb ApplicationContext(context).getBean("authenticatio nManager");
          UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.username, user.password, [new GrantedAuthorityImpl("ROLE_USER")]);
          token.setDetails(new WebAuthenticationDetails(request));
          Authentication authentication = authenticationManager.authenticate(token);
          SecurityContextHolder.getContext().setAuthenticati on(authentication);

          This does not:

          SecurityContextHolder.getContext().setAuthenticati on(new UsernamePasswordAuthenticationToken(user.username, user.password, [new GrantedAuthorityImpl("ROLE_USER")]));

          I am not 100% clear why I have to use an authenticationManager to get it to work.
          Last edited by scottland; Oct 20th, 2010, 06:51 PM.