Programmatic login in Spring Security 2

Question

Programmatic login in Spring Security 2

I am trying to find a way to skip the login form when the user clicks on the "activate account" link he received by email. This link contains a one-time random token that can serve as an authentication method.

As a result of this, I can get the user information and activate their account, but I have not yet found a way to log in programmatically.

I'm looking for a way to implement something like this:

void forceLogin (string username);

Is it possible?

My spring config is:

<http>
<intercept-url pattern="/userAccount/logout.do" access="ROLE_USER"/>
... (More intercepts)

<form-login login-page="/userAccount/login.do"
  authentication-failure-url="/userAccount/login.do?failure=true"
  login-processing-url="/userAccount/j_spring_security_check.do"
  always-use-default-target="false"
  default-target-url="/userAccount/redirectAfterLogin.do"
  />

<anonymous />
<logout logout-url="/userAccount/logout.do" />
</http>

+2

spring authentication spring-security

Manolo santos May 11 '10 at 12:02

a source to share

1 answer

Gandalf · Accepted Answer · 2010-05-11T18:29:43+0000

It looks like you should write your own PreAuthenticationFilter .

I would subclass AbstractPreAuthenticatedProcessingFilter

similar to this:

public class TokenAuthFilter extends AbstractPreAuthenticatedProcessingFilter {

   protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
      String token = request.getAttribute("customToken");
      //... look up user details based on this token
     String username = UserDao.getUserbyToken(token);
     return username;
   }

}

Then, in your Spring XML Security Configuration, add the following line:

<bean id="tokenAuth" class="...TokenAuthFilter" >
   <security:custom-filter position="PRE_AUTH_FILTER" />
</bean>

Not 100% complete, but you need to get started.

Programmatic login in Spring Security 2

More articles: