I think the code you're referring to is:

// log user in automatically
Authentication auth = new UsernamePasswordAuthenticationToken(
        user.getUsername(), user.getConfirmPassword());
try {
    ProviderManager authenticationManager =
            (ProviderManager) getBean("authenticationManager");
    SecurityContextHolder.getContext().setAuthentication(
            authenticationManager.doAuthentication(auth));
} catch (NoSuchBeanDefinitionException n) {
    // ignore, should only happen when testing
}

The problem here is that you use the clean text password,
getConfirmPassword(), to create the authentication token.  I have an SLA
with my client stating that I will at no time store a clean text password in
the database :S

Any ideas? :(

*************************

mraible wrote:
> 
> If you look in SignupFormController, you can see the code that's used
> to programmatically login the user. Maybe you can use this?
> 
> Matt
> 
> On Dec 5, 2007, at 7:37 AM, Zakir wrote:
> 
>>
>> Hello experts.
>> To preface, I am using Acegi 1.9.4 with Spring.
>>
>> Is there any way I can log a user in automatically without their
>> password?
>> Here is my intended process flow:
>>
>> 1. user signs up to the site, and fills in all the details (email,
>>    password, name, etc.)
>> 2. system saves the user info (including a hashed version of
>>    password), and also creates an activation code and saves it.
>> 3. User is sent a link that contains the activation code.
>> 4. after clicking the activation link, the system pulls the user,
>>    enables it....
>>
>> At step 4, I want to log the user in automatically, instead of
>> prompting them to enter their password again. I only have their
>> hashed password. Is there any way I can do this?
>>
>> Thanks:)
>>
>> -- 
>> View this message in context: http://www.nabble.com/Automatic-login-with-Acegi-tf4950397s2369.html#a14174045
>> Sent from the AppFuse - User mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
> 

-- 
View this message in context: 
http://www.nabble.com/Automatic-login-with-Acegi-tf4950397s2369.html#a14174671
Sent from the AppFuse - User mailing list archive at Nabble.com.
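
Added example (not part of the original thread and not AppFuse code): one way to do step 4 of the flow above without any password, by building an already-authenticated Acegi token from the loaded UserDetails. The class name, method and the stored-code/expiry parameters are assumptions for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;

/** Hypothetical helper: validate the activation code, then log the user in. */
public class ActivationLogin {

    // The application's existing Acegi UserDetailsService bean.
    private final UserDetailsService userDetailsService;

    public ActivationLogin(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /**
     * presentedCode comes from the link; storedCode and expiresAtMillis are
     * assumed to be what the application saved at sign-up. The caller enables
     * the account and deletes the stored code (single use) before calling.
     */
    public boolean activateAndLogin(String username, String presentedCode,
                                    String storedCode, long expiresAtMillis) {
        // The code is the only credential here: reject missing, expired or
        // mismatched values, comparing in constant time.
        if (presentedCode == null || storedCode == null
                || System.currentTimeMillis() > expiresAtMillis
                || !MessageDigest.isEqual(
                        presentedCode.getBytes(StandardCharsets.UTF_8),
                        storedCode.getBytes(StandardCharsets.UTF_8))) {
            return false;
        }
        UserDetails details = userDetailsService.loadUserByUsername(username);
        if (!details.isEnabled()) {
            return false; // activation did not complete; do not create a session
        }
        // The three-argument constructor marks the token as authenticated, so
        // no AuthenticationManager call and no clear-text password is needed.
        Authentication auth = new UsernamePasswordAuthenticationToken(
                details, null, details.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(auth);
        return true;
    }
}
```

For the login to persist beyond this request, the activation URL has to pass through Acegi's filter chain so that HttpSessionContextIntegrationFilter stores the SecurityContext in the session.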
