Spring security : auto login issue

Question

i am trying to auto login user after signup. Here is code for auto login

private boolean autoLogin(HttpServletRequest request, User user) {

    SimpleGrantedAuthority auth = new SimpleGrantedAuthority("ADMIN");
    Collection<SimpleGrantedAuthority> authorities = new HashSet<SimpleGrantedAuthority>();
    authorities.add(auth);

    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
            user.getEmail(), user.getPassword(), authorities);

    token.setDetails(new WebAuthenticationDetails(request));
    authenticationManager.authenticate(token);
    SecurityContextHolder.getContext().setAuthentication(token);

    return true;
}

and inside an interceptor that check logged in user code is

Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();

Problem is when i debug the code (after auto login) the principal object has logged in user's email address instead of UserDetails object.

Things working fine when i log in useing spring security login form.

http://stackoverflow.com/questions/4664893/how-to-manually-set-an-authenticated-user-in-spring-security-springmvc?rq=1 i found my answer here — Shahzeb Khan, Mar 06 '14 at 11:36

Rob Lockwood-Blake · Answer 1 · 2014-03-06T11:48:09.737

0

You're missing re-assigning the return from AuthenticationManager.authenticate().

This line:

authenticationManager.authenticate(token);

should be:

token = authenticationManager.authenticate(token);

That should fix things.

edited Mar 06 '14 at 11:48

answered Mar 06 '14 at 11:41

Rob Lockwood-Blake

4,688
24
22

Spring security : auto login issue

1 Answers1