Greetings all, I am using the following method to auto-login a user after registration so that they can access an authenticated page:

    public static void autoLogin(User user, HttpServletRequest request,
            AuthenticationManager authenticationManager) {
        GrantedAuthority[] grantedAuthorities = new GrantedAuthority[] {
                new GrantedAuthorityImpl(user.getAuthority()) };
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
                user.getEmail(), user.getPasswordBeforeHashing(),
                grantedAuthorities);
        // generate session if one doesn't exist
        request.getSession();
        token.setDetails(new WebAuthenticationDetails(request));
        Authentication authenticatedUser = authenticationManager
                .authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
        // setting role to the session
        request.getSession().setAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
                SecurityContextHolder.getContext());
    }

Note: the registration page has the rule that no filters are applied to it in the security.xml file.
After the auto-login I redirect the user to an authenticated page, something like
It works fine with such behaviour,
but when I try to redirect the user to the same page under a subdomain, something like
http://www.x.appName.come/page (we have the rule in Apache that *.appName is the same as appName)
it doesn't go to the page, considers the user unauthenticated and redirects him to the login page. Any ideas why such behaviour occurs?