Is there a way to do that without using a POST request to "j_spring_security_check"?
+1
A:
I needed the same thing (in my case I wanted to log in a user after they created a new account), so I dug around in the generated RegistrationService and found this is how it is done:
import org.springframework.security.providers.UsernamePasswordAuthenticationToken as AuthToken
import org.springframework.security.context.SecurityContextHolder as SCH
class UserService {
/** The authentication provider. */
def daoAuthenticationProvider
def doLogin(user) {
// note: must use the unhashed password here
def token = new AuthToken(user.email, user.password)
def auth = daoAuthenticationProvider.authenticate(token)
// log the user in
SCH.context.authentication = auth
}
}
Hope that helps.
Note: In my example, I use the email/password to login. The AuthToken
constructor takes whatever you us as your username/password.
RJ Regenold
2010-02-15 19:05:43
how i can use a hashed password?
Lucas
2010-02-15 19:32:52
I'm not sure how you can do that. My first thought is to try and subclass `UsernamePasswordAuthenticationToken`, but I'm not sure how far that will get you. What is the use case? Maybe there is another way to do it?
RJ Regenold
2010-02-16 02:14:09
If you use what I posted on the mailing list it'll work with a hashed password since it doesn't need to call authenticate().
Burt Beckwith
2010-02-16 05:43:40