On Sun, Feb 20, 2011 at 10:46 PM, Tauren Mills <[email protected]> wrote:
> I'm attempting to create a new member and immediately log the user in within
> the same request, but I'm getting an UnknownAccountException:
>     Realm was unable to find account data for the submitted
> AuthenticationToken
> What's the best way to go about doing this? I've got code that looks like
> this:
>   // Create new member
>   member = memberService.createMember(member);
>
>   // Login new member
>   UsernamePasswordToken token =
>     new UsernamePasswordToken(dto.getUsername(), dto.getPassword(), true);
>   SecurityUtils.getSubject().login(token);  // Exception thrown
> Perhaps there's a better way to accomplish what I need to do. Here's my
> objective:
> 1. User fills in simple signup form (username, password, email) and submits
> it.
> 2. New account is created, and activation email is sent to user
> 3. Profile form is immediately shown to user (even before they activate),
> user enters first name, last name, birthdate, etc.
> 4. User is shown a list of projects they can join, selects some, and joins
> them.
> Steps 3 and 4 don't have to be done now. The user can do them the next time
> they use the system after logging in. But I want to encourage them to take
> care of it right now, while not having lots of required fields in the signup
> form.
> At this point, the user must authenticate their account before they can
> actually use the system. My goal is to allow the user to enter everything
> without interruption, such as having to click an activation link in email,
> or having to login after creating an account. But to update the profile and
> add projects, I need the user to be logged in.
> Any suggestions?
> Thanks,
> Tauren
>
>

Hi Tauren,

I'm not sure why this is happening - there is no reason why your code
can't work the way it is written.  It sounds like a transactional
issue to me.  Are you using Hibernate?  Hibernate will typically flush
the session before performing a query, so the data would be propagated
to the data store before executing the authentication query.  In odd
cases, you might have to 'flush' the session (although this should not
be needed).

If not using hibernate, I would ensure that the data is flushed to the
datastore before performing the query.  I suspect that is why the
authentication query can't 'see' the user data it needs to look up.

If you can't get around the transactional/flush issues, one potential
solution is to store their entered username/password into their
session.  Then have an AuthenticatingFilter that sits in front of the
URLs that you want immediate access to.  If that filter sees the
username/password in the session, and they're not considered logged in
yet, it can log them in automatically before allowing the request
through.  Not as ideal as figuring out the flush issues IMO, but it
should work well.

Best,

-- 
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com

Reply via email to