[jboss-user] [Security & JAAS/JBoss] - Automatic User Login Upon Registration in Application

colddata do-not-reply at jboss.com
Tue Jul 17 21:13:09 EDT 2007 

Hello,
I am trying to register a new user in the system and then automatically log him in so he can access secure myaccount.jsp page upon successful registration. The LDAP authentication goes well, no errors. However, when I try to redirect to the secure page, I am still getting login.html page. I want to avoid this extra step and have users be able to view secure resources upon successful registration in the system. 
Am I missing something? Below is a snippet from the test JSP that handles authentication. 

Thank you!


<%@page import="com.colddata.xxx.account.AccountManager"%>
<%@ page import="com.colddata.xxx.entity.User" %>
<%@ page import="java.util.Set" %>
<%@ page import="javax.security.auth.*" %>
<%@ page import="javax.security.auth.callback.*" %>
<%@ page import="javax.security.auth.login.LoginContext" %>
<%@ page import="javax.security.auth.login.LoginException" %>
<%@ page import="org.jboss.security.auth.callback.*" %>
<%@ page import="org.jboss.security.SimplePrincipal" %>

<%!
	User user = null;
	String nextPage = null;
%>

<%

	nextPage = "/testapp/secure/account/myaccount.jsp";
	
	// Create new user
	user = new User(request);
	AccountManager accountManager = new AccountManager();
	accountManager.createNewUser(user);
	
	// Programmatically log in new user
	try	{
		SecurityAssociationHandler handler = new SecurityAssociationHandler();
		SimplePrincipal principal = new SimplePrincipal(user.getUserID());
		handler.setSecurityInfo(principal, user.getPassword().toCharArray());
		
		LoginContext loginContext = new LoginContext("security_policy", (CallbackHandler)handler);
		loginContext.login();
		
		Subject subject = loginContext.getSubject();
		Set principals = subject.getPrincipals();
		principals.add(principal);

		
	} catch(LoginException e) { 
		System.out.println("ERROR: Cannot login user " + user.getUserID() + ". " + e);
	}

	// Redirect  to the My Account page
	response.sendRedirect(nextPage);
	out.flush();
%>

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4065224#4065224

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4065224

More information about the jboss-user mailing list