Programmatically logging in user using spring security

Contrast: How to manually log out using spring security?

In my application, I have a register-new-user screen, which posts to a controller that creates a new user in the db (and makes some obvious checks). Then I want this new user to be automatically registered ... I want something like this:

SecurityContextHolder.getContext().setPrincipal(MyNewUser); 

Edit: Well, I have almost implemented this based on the answer to "How to programmatically register a user using spring Security 3.1":

    Authentication auth = new UsernamePasswordAuthenticationToken(MyNewUser, null);
    SecurityContextHolder.getContext().setPrincipal(MyNewUser);

However, when deployed, the JSP cannot access my MyNewUser.getWhateverMethods(), whereas it can with the normal login procedure. The code that works normally but generates an error during registration, as described above:

 <sec:authentication property="principal.firstname" /> 
+52
spring-mvc spring-security
Oct 26 '11 at 9:40
3 answers

In my controller, I have this that logs in the user as usual:

    Authentication auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(auth);

Where user is a user-defined user object (implementing UserDetails) that has just been created. The getAuthorities() method does this (just because all my users have the same role):

    public Collection<GrantedAuthority> getAuthorities() {
        // make everyone ROLE_USER
        Collection<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
        GrantedAuthority grantedAuthority = new GrantedAuthority() {
            // anonymous inner type
            public String getAuthority() {
                return "ROLE_USER";
            }
        };
        grantedAuthorities.add(grantedAuthority);
        return grantedAuthorities;
    }
+34
Oct 26 2018-11-11T00:

You can also inject your Spring Security configured UserDetailsManager into your controller and use it to get the UserDetails, which holds the principal and authorities, to avoid code duplication:

    // inject
    @Autowired
    private UserDetailsManager manager;

    // use in your method
    UserDetails userDetails = manager.loadUserByUsername(token.getUsername());
    Authentication auth = new UsernamePasswordAuthenticationToken(userDetails.getUsername(), userDetails.getPassword(), userDetails.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(auth);
+28
Feb 27 '13 at 18:48

From the Spring Security source of AbstractAuthenticationProcessingFilter:

    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            Authentication authResult) throws IOException, ServletException {

        if (logger.isDebugEnabled()) {
            logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
        }

        // you need this
        SecurityContextHolder.getContext().setAuthentication(authResult);

        rememberMeServices.loginSuccess(request, response, authResult);

        if (this.eventPublisher != null) {
            eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
        }

        successHandler.onAuthenticationSuccess(request, response, authResult);
    }

Note, however, that the SecurityContextHolder is usually cleared after the filter chain terminates.

+10
Oct 26 '11 at 13:00
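
Added example (not code from any of the posts above): one way to combine the points from the answers into a single login helper that is called right after the new user is saved. The class name ProgrammaticLogin and its login method are hypothetical; the sketch assumes the user object implements UserDetails, a javax.servlet container at Servlet 3.1 or later, and the default HttpSession-based security context storage.

```java
import java.util.Collection;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

/** Hypothetical helper (the name is an assumption), called once the new user has been saved. */
public final class ProgrammaticLogin {

    private ProgrammaticLogin() {
    }

    public static void login(HttpServletRequest request, UserDetails user) {
        Collection<? extends GrantedAuthority> authorities = user.getAuthorities();

        // Keep the UserDetails object itself as the principal so that
        // <sec:authentication property="principal.firstname" /> can call its getters;
        // a plain String username as principal has no such property.
        // Credentials stay null: the password is not needed once the user is created.
        // The three-argument constructor marks the token as authenticated,
        // the two-argument one does not.
        UsernamePasswordAuthenticationToken auth =
                new UsernamePasswordAuthenticationToken(user, null, authorities);

        // Rotate the session id before the session becomes authenticated
        // (session fixation defence; changeSessionId() needs Servlet 3.1+).
        if (request.getSession(false) != null) {
            request.changeSessionId();
        }

        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(auth);
        SecurityContextHolder.setContext(context);

        // The holder is thread-bound and cleared when the request ends. Storing the
        // context under the default repository's session key makes the login persist
        // even where the filter chain does not save it for this request.
        HttpSession session = request.getSession(true);
        session.setAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
    }
}
```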