I have a login form that calls a certain LoginBean, which returns an AJAX callback parameter indicating whether the credentials are valid or not. The code is as follows:

public void doLogin() {

    Authentication authenticationRequestToken =
             new UsernamePasswordAuthenticationToken(user, password);

    try {
        Authentication authenticationResponseToken =
                 authenticationManager.authenticate(authenticationRequestToken);

        SecurityContextHolder.getContext().
                     setAuthentication(authenticationResponseToken);

        if (authenticationResponseToken.isAuthenticated()) {
            RequestContext context = RequestContext.getCurrentInstance();
            FacesMessage msg;
            boolean loggedIn = true;
            msg = new FacesMessage(FacesMessage.SEVERITY_INFO, "Welcome", user);
            FacesContext.getCurrentInstance().addMessage(null, msg);
            context.addCallbackParam("loggedIn", loggedIn);
        }
    } catch (AuthenticationException e) {
        // Handling of the exceptions thrown by authenticate(...) was elided in the original post.
    }

    // Here I need some code that continues whatever j_spring_security_check
    // would do after authenticating.
}

The way my application is working now, after this call to doLogin(), the form is submitted to j_spring_security_check, and then the authentication process takes place again, wasting previous work. I'm trying to find a solution for this, any help is appreciated.

So, the bottom line is that I need something that would simulate what happens when j_spring_security_check is intercepted by the filters (or a way to force this interception explicitly), so the processing would take place behind the button, not after the form is submitted.

Eliran Malka
victor

1 Answer

It will be better if you just forward to the Spring Security authentication URL instead of using the SecurityContextHolder yourself. Look at this code:

public String doLogin() throws ServletException, IOException {

    FacesContext context = FacesContext.getCurrentInstance();

    String springCheckUrl = this.buildSpringSecurityCheckUrl();

    HttpServletRequest request = (HttpServletRequest) context
            .getExternalContext().getRequest();

    // Forward the current request to the Spring Security check URL.
    RequestDispatcher dispatcher = request
            .getRequestDispatcher(springCheckUrl);

    dispatcher.forward((ServletRequest) request,
            (ServletResponse) context.getExternalContext().getResponse());

    // Tell JSF that the response has already been handled.
    context.responseComplete();

    return null;
}

// Builds the check URL with the credentials as query parameters.
private String buildSpringSecurityCheckUrl() {
    StringBuilder springCheckUrl = new StringBuilder(
            "/j_spring_security_check").append("?").append("j_username")
            .append("=").append(this.userName.trim()).append("&")
            .append("j_password").append("=")
            .append(this.userPassword.trim());
    return springCheckUrl.toString();
}
Eliran Malka
ElderMael
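
An added example, not part of the answer above: the answer's buildSpringSecurityCheckUrl() appends the credentials to the query string unencoded, so a password containing `&`, `=` or `+` reaches the check URL as different parameters than the user typed. The class and method names, the sample credentials, and the stand-in query parser with UTF-8 decoding are assumptions made for this illustration.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class SecurityCheckUrlDemo {

    // Unencoded concatenation, equivalent to the answer's buildSpringSecurityCheckUrl().
    static String naive(String user, String password) {
        return "/j_spring_security_check?j_username=" + user + "&j_password=" + password;
    }

    // Each value is percent-encoded so it stays inside its own parameter.
    static String encoded(String user, String password) {
        return "/j_spring_security_check?j_username=" + enc(user) + "&j_password=" + enc(password);
    }

    static String enc(String value) {
        return URLEncoder.encode(value, StandardCharsets.UTF_8); // Java 10+
    }

    // Minimal query parser standing in for the servlet container
    // (assumption: the container decodes the forwarded query string as UTF-8).
    static Map<String, String> parse(String url) {
        Map<String, String> params = new LinkedHashMap<>();
        String query = url.substring(url.indexOf('?') + 1);
        for (String pair : query.split("&")) {
            String[] kv = pair.split("=", 2);
            String name = URLDecoder.decode(kv[0], StandardCharsets.UTF_8);
            String value = kv.length > 1 ? URLDecoder.decode(kv[1], StandardCharsets.UTF_8) : "";
            params.put(name, value);
        }
        return params;
    }

    public static void main(String[] args) {
        // Constructed sample credentials; the password contains '&', '=' and '+'.
        String user = "alice";
        String password = "a&b=c+d";
        System.out.println("naive:   " + parse(naive(user, password)));
        System.out.println("encoded: " + parse(encoded(user, password)));
    }
}
```

With the naive URL the parsed j_password is cut at the first `&` and an extra parameter appears; with the encoded URL the password round-trips unchanged.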