Hello,
I am trying to register a new user in the system and then automatically log him in so he can access secure myaccount.jsp page upon successful registration. The LDAP authentication goes well, no errors. However, when I try to redirect to the secure page, I am still getting login.html page. I want to avoid this extra step and have users be able to view secure resources upon successful registration in the system.
Am I missing something? Below is a snippet from the test JSP that handles authentication.
Thank you!
<%@page import="com.colddata.xxx.account.AccountManager"%>
<%@ page import="com.colddata.xxx.entity.User" %>
<%@ page import="java.util.Set" %>
<%@ page import="javax.security.auth.*" %>
<%@ page import="javax.security.auth.callback.*" %>
<%@ page import="javax.security.auth.login.LoginContext" %>
<%@ page import="javax.security.auth.login.LoginException" %>
<%@ page import="org.jboss.security.auth.callback.*" %>
<%@ page import="org.jboss.security.SimplePrincipal" %>
<%!
User user = null;
String nextPage = null;
%>
<%
nextPage = "/testapp/secure/account/myaccount.jsp";
// Create new user
user = new User(request);
AccountManager accountManager = new AccountManager();
accountManager.createNewUser(user);
// Programmatically log in new user
try {
SecurityAssociationHandler handler = new SecurityAssociationHandler();
SimplePrincipal principal = new SimplePrincipal(user.getUserID());
handler.setSecurityInfo(principal, user.getPassword().toCharArray());
LoginContext loginContext = new LoginContext("security_policy", (CallbackHandler)handler);
loginContext.login();
Subject subject = loginContext.getSubject();
Set principals = subject.getPrincipals();
principals.add(principal);
} catch(LoginException e) {
System.out.println("ERROR: Cannot login user " + user.getUserID() + ". " + e);
}
// Redirect to the My Account page
response.sendRedirect(nextPage);
out.flush();
%>