Home/ Questions/Q 8411273
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T00:23:30+00:00

My application uses Spring Security, and my client requires: users to be able to

  • 0

My application uses Spring Security, and my client requires:

  • users to be able to automatically login after signup.
  • an admin to login as any user without knowing their password.

So I need to figure out how to login as any user automatically without knowing their password.

How can this be accomplished using Spring Security?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    To get this to work, I had to:

    Configure a reference to the UserDetailsService (jdbcUserService)

    <authentication-manager>
<authentication-provider>
<jdbc-user-service id="jdbcUserService" data-source-ref="dataSource"
  users-by-username-query="select username,password, enabled from users where username=?" 
  authorities-by-username-query="select u.username, ur.authority from users u, user_roles ur where u.user_id = ur.user_id and u.username =?  " 
/>
</authentication-provider>
</authentication-manager>

    Autowire my userDetailsManager in my controller:

    @Autowired
@Qualifier("jdbcUserService")  // <-- this references the bean id
public UserDetailsManager userDetailsManager;

    In the same controller, authenticate my user like so:

    @RequestMapping("/automatic/login/test")
public @ResponseBody String automaticLoginTest(HttpServletRequest request) 
{
    String username = "anyUserName@YourSite.com";

    Boolean result = authenticateUserAndInitializeSessionByUsername(username, userDetailsManager, request);

    return result.toString();
}

public boolean authenticateUserAndInitializeSessionByUsername(String username, UserDetailsManager userDetailsManager, HttpServletRequest request)
{
    boolean result = true;

    try
    {
        // generate session if one doesn't exist
        request.getSession();

        // Authenticate the user
        UserDetails user = userDetailsManager.loadUserByUsername(username);
        Authentication auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(auth);
    }
    catch (Exception e)
    {
      System.out.println(e.getMessage());

      result = false;
    }

    return result;
}

    Note that a good precursor to just using spring security for your app can be found here.

    • 0