After a user creates their account, I want to log that user on automatically.
I have standard form logins being handled by Springs filter on /postlogin. If I go to http://localhost/postlogin it attempts to log me in (fails because I didn’t include the post parameters), but makes the proper attempt.
But if I want to log the user in programatically and I try to return from the controller: “forward:/postlogin” I get a 404.
I assume the forward: directive is not passing through the filters, thus not getting handled by the UsernamePasswordAuthenticationFilter.
How do I manually induce a login programatically? I want to do this after the user creates a new account (they should be logged into that account immediately upon completion of the registration).
I mis-read another piece of guidance and realized that the correct way of handling this is the following:
1) Manually set the Authentication token on SecurityContextHolder
2) Do Not render a page at this point or use the forward: directive. You must use the redirect: directive.
If you render a page the page will load fine, but the session object will be lost because a new j_session_id will be created but will not make it to the browser mid-request and the next request will use the old j_session_id, loosing the new session object & authetication.
Using the forward: directive will bypass the authentication filters, no good.
But redirect: causes the updated session information to make it to the browser.