On Sun, Feb 20, 2011 at 10:46 PM, Tauren Mills <[email protected]> wrote: > I'm attempting to create a new member and immediately log the user in within > the same request, but I'm getting an UnknownAccountException: > Realm was unable to find account data for the submitted > AuthenticationToken > What's the best way to go about doing this? I've got code that looks like > this: > // Create new member > member = memberService.createMember(member); > > // Login new member > UsernamePasswordToken token = > new UsernamePasswordToken(dto.getUsername(), dto.getPassword(), true); > SecurityUtils.getSubject().login(token); // Exception thrown > Perhaps there's a better way to accomplish what I need to do. Here's my > objective: > 1. User fills in simple signup form (username, password, email) and submits > it. > 2. New account is created, and activation email is sent to user > 3. Profile form is immediately shown to user (even before they activate), > user enters first name, last name, birthdate, etc. > 4. User is shown a list of projects they can join, selects some, and joins > them. > Steps 3 and 4 don't have to be done now. The user can do them the next time > they use the system after logging in. But I want to encourage them to take > care of it right now, while not having lots of required fields in the signup > form. > At this point, the user must authenticate their account before they can > actually use the system. My goal is to allow the user to enter everything > without interruption, such as having to click an activation link in email, > or having to login after creating an account. But to update the profile and > add projects, I need the user to be logged in. > Any suggestions? > Thanks, > Tauren > >
Hi Tauren, I'm not sure why this is happening - there is no reason why your code can't work the way it is written. It sounds like a transactional issue to me. Are you using Hibernate? Hibernate will typically flush the session before performing a query, so the data would be propagated to the data store before executing the authentication query. In odd cases, you might have to 'flush' the session (although this should not be needed). If not using hibernate, I would ensure that the data is flushed to the datastore before performing the query. I suspect that is why the authentication query can't 'see' the user data it needs to look up. If you can't get around the transactional/flush issues, one potential solution is to store their entered username/password into their session. Then have an AuthenticatingFilter that sits in front of the URLs that you want immediate access to. If that filter sees the username/password in the session, and they're not considered logged in yet, it can log them in automatically before allowing the request through. Not as ideal as figuring out the flush issues IMO, but it should work well. Best, -- Les Hazlewood Founder, Katasoft, Inc. Application Security Products & Professional Apache Shiro Support and Training: http://www.katasoft.com
