Hey all, I want to make an auto login after successful registration in Spring. Meaning: I have a protected page which requires login to access it, and after registration I want to skip the login page and make an auto login so the user can see that protected page. Got me? I am using Spring 3.0 and Spring Security 3.0.2. How to do so?
It can be safe to auto login if the user already has an active session as the correct user during the confirmation step. If you think about it, it's not actually "automatically logging them in" but simply keeping them logged in as they were before. During all that time, there was no reason to end the session.
You can securely save host domain user credentials (Windows logon credentials) by using the auto-login feature. Once enabled, you can automatically log in to your host computer from the same client computer without entering the domain username and password. The feature is enabled by default for Personal and Pro users.
The UsernamePasswordAuthenticationToken is an implementation of the interface Authentication, which extends the interface Principal. Principal is defined in the JSE java.security. UsernamePasswordAuthenticationToken is a concept in Spring Security which implements the Principal interface.
Auto-login may save you time and energy, but it can also save thieves or hackers time and energy. If you have pretty much everything you use on an active basis set to auto-login, and if someone else gets access to your phone itself, they will have immediate access to everything you do.
This can be done with Spring Security in the following manner (semi-pseudocode):
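```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

// User is the application's own domain class.
@Controller
public class SignupController {

    @Autowired
    RequestCache requestCache;

    @Autowired
    protected AuthenticationManager authenticationManager;

    @RequestMapping(value = "/account/signup/", method = RequestMethod.POST)
    public String createNewUser(@ModelAttribute("user") User user, BindingResult result,
                                HttpServletRequest request, HttpServletResponse response) {
        // After successfully creating the user
        authenticateUserAndSetSession(user, request);
        return "redirect:/home/";
    }

    private void authenticateUserAndSetSession(User user, HttpServletRequest request) {
        String username = user.getUsername();
        String password = user.getPassword();
        UsernamePasswordAuthenticationToken token =
                new UsernamePasswordAuthenticationToken(username, password);

        // Generate a session if one doesn't exist
        request.getSession();

        token.setDetails(new WebAuthenticationDetails(request));
        Authentication authenticatedUser = authenticationManager.authenticate(token);

        SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
    }
}
```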
Update: to only contain how to create the session after the registration