0 Replies Latest reply on Jul 17, 2007 9:13 PM by Dmitri Moore

    Automatic User Login Upon Registration in Application

    Dmitri Moore Newbie

      Hello,
      I am trying to register a new user in the system and then automatically log him in so he can access secure myaccount.jsp page upon successful registration. The LDAP authentication goes well, no errors. However, when I try to redirect to the secure page, I am still getting login.html page. I want to avoid this extra step and have users be able to view secure resources upon successful registration in the system.
      Am I missing something? Below is a snippet from the test JSP that handles authentication.

      Thank you!


      <%@page import="com.colddata.xxx.account.AccountManager"%>
      <%@ page import="com.colddata.xxx.entity.User" %>
      <%@ page import="java.util.Set" %>
      <%@ page import="javax.security.auth.*" %>
      <%@ page import="javax.security.auth.callback.*" %>
      <%@ page import="javax.security.auth.login.LoginContext" %>
      <%@ page import="javax.security.auth.login.LoginException" %>
      <%@ page import="org.jboss.security.auth.callback.*" %>
      <%@ page import="org.jboss.security.SimplePrincipal" %>

      <%!
      User user = null;
      String nextPage = null;
      %>

      <%

      nextPage = "/testapp/secure/account/myaccount.jsp";

      // Create new user
      user = new User(request);
      AccountManager accountManager = new AccountManager();
      accountManager.createNewUser(user);

      // Programmatically log in new user
      try {
      SecurityAssociationHandler handler = new SecurityAssociationHandler();
      SimplePrincipal principal = new SimplePrincipal(user.getUserID());
      handler.setSecurityInfo(principal, user.getPassword().toCharArray());

      LoginContext loginContext = new LoginContext("security_policy", (CallbackHandler)handler);
      loginContext.login();

      Subject subject = loginContext.getSubject();
      Set principals = subject.getPrincipals();
      principals.add(principal);


      } catch(LoginException e) {
      System.out.println("ERROR: Cannot login user " + user.getUserID() + ". " + e);
      }

      // Redirect to the My Account page
      response.sendRedirect(nextPage);
      out.flush();
      %>