Hi I want my user to be logged in via URL which is secured by spring. URL will contan username as well as password. I tried doing it by sending username and password via controller to customAuthenticationManager and then checked in CustomAuthentication Provider and returned UsernamePasswordAuthenticationToken. when I check isauthenticated flag it shows true but when I try to access a secured page it redirects me to the login page. Where am I going wrong ?
1
votes
I think I need to create session but dont know how.
– user3640507
Providing a username/password in a URL isn't really secure imho. Better to use basic or digest authentication which is supported out-of-the-box by Spring Security. If you really must/want to use your solution remove the controller and create a filter which you add to the Spring Security filter chain.
– M. Deinum
Right now I dont have much options but will definately try to implement the method you told in future!!
– user3640507
1 Answers
0
votes
Its not the best way to do it but try this:
public void login(HttpServletRequest request, String userName, String password)
{
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(userName, password);
// Authenticate the user
Authentication authentication = authenticationManager.authenticate(authRequest);
SecurityContext securityContext = SecurityContextHolder.getContext();
securityContext.setAuthentication(authentication);
// Create a new session and add the security context.
HttpSession session = request.getSession(true);
session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
}
