I figured it out. You can do something like this:

    Authentication auth = new UsernamePasswordAuthenticationToken(user,
            user.getPassword(),
            user.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(auth);

When you create the Authentication object and specify the grantedAuthorities,
it automatically sets authenticated to true.

Zakir wrote:
>
> I think the code you're referring to is:
>
>     // log user in automatically
>     Authentication auth = new UsernamePasswordAuthenticationToken(
>             user.getUsername(), user.getConfirmPassword());
>     try {
>         ProviderManager authenticationManager =
>                 (ProviderManager) getBean("authenticationManager");
>         SecurityContextHolder.getContext().setAuthentication(
>                 authenticationManager.doAuthentication(auth));
>     } catch (NoSuchBeanDefinitionException n) {
>         // ignore, should only happen when testing
>     }
>
> The problem here is that you use the clean text password,
> getConfirmPassword(), to create the authentication token. I have an SLA
> with my client stating that I will at no time store a clean text password
> in the database :S
>
> Any ideas? :(
>
> *************************
>
> mraible wrote:
>>
>> If you look in SignupFormController, you can see the code that's used
>> to programmatically login the user. Maybe you can use this?
>>
>> Matt
>>
>> On Dec 5, 2007, at 7:37 AM, Zakir wrote:
>>
>>>
>>> Hello experts.
>>> To preface, I am using Acegi 1.9.4 with Spring.
>>>
>>> Is there any way I can log a user in automatically without their
>>> password?
>>> Here is my intended process flow:
>>>
>>> 1. user signs up to the site, and fills in all the details (email,
>>>    password, name, etc.)
>>> 2. system saves the user info (including a hashed version of password),
>>>    and also creates an activation code and saves it.
>>> 3. User is sent a link that contains the activation code.
>>> 4. after clicking the activation link, the system pulls the user,
>>>    enables it....
>>>
>>> At step 4, I want to log the user in automatically, instead of prompting
>>> them to enter their password again. I only have their hashed password. Is
>>> there any way I can do this?
>>>
>>> Thanks:)
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Automatic-login-with-Acegi-tf4950397s2369.html#a14174045
>>> Sent from the AppFuse - User mailing list archive at Nabble.com.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>
--
View this message in context:
http://www.nabble.com/Automatic-login-with-Acegi-tf4950397s2369.html#a14177716
Sent from the AppFuse - User mailing list archive at Nabble.com.
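
An added example, not code from this thread or from AppFuse: setting the security context directly skips the password check, so at step 4 the activation code is the only gate, and this example verifies it (match, expiry, single use) before building the token. `ActivationLogin`, `PendingActivation` and their fields are hypothetical names; the Acegi classes are assumed to come from the 1.0.x `org.acegisecurity` packages.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UserDetails;

public class ActivationLogin {

    /** Hypothetical record of the activation code saved at sign-up (step 2). */
    public static class PendingActivation {
        final String code;
        final long expiresAtMillis;
        boolean used;

        public PendingActivation(String code, long expiresAtMillis) {
            this.code = code;
            this.expiresAtMillis = expiresAtMillis;
        }
    }

    /**
     * Populates the security context only if the submitted code matches,
     * has not expired and has not been used. Returns true on login.
     */
    public static boolean activateAndLogin(UserDetails user, PendingActivation pending,
                                           String submittedCode, long nowMillis) {
        if (submittedCode == null || pending.used || nowMillis > pending.expiresAtMillis) {
            return false;
        }
        // Compare without an early exit on the first differing byte.
        boolean matches = MessageDigest.isEqual(
                pending.code.getBytes(StandardCharsets.UTF_8),
                submittedCode.getBytes(StandardCharsets.UTF_8));
        if (!matches) {
            return false;
        }
        pending.used = true; // persist this flag so the link works only once

        // The three-argument constructor marks the token as authenticated.
        // Credentials are an empty placeholder (assumption: nothing downstream
        // reads them), so no password or hash is carried in the session.
        Authentication auth = new UsernamePasswordAuthenticationToken(
                user, "", user.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(auth);
        return true;
    }
}
```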