How to programmatically log user in with Spring Security 3.1

What's the proper way to programmatically log a web visitor in under a particular username in Spring and Spring Security 3.1? It seems the way I was doing it 开发者_如何学编程under 2.5 has changed a little. I'm sure there's a much better way of doing this now.

Basically, when I create a new user, I need to also log them in at the same time.

Create an Authentication (usually a UsernamePasswordAuthenticationToken) and then call

SecurityContextHolder.getContext().setAuthentication(authentication)

This three lines of code do the work for me:

        Authentication request = new UsernamePasswordAuthenticationToken( username, password );
    Authentication result = authenticationManager.authenticate( request );
    SecurityContextHolder.getContext().setAuthentication( result );

If you are interested in doing this for testing purposes you can do this:

    UserDetails user = _userService.loadUserByUsername(username);
    TestingAuthenticationToken token = new TestingAuthenticationToken(user,null);
    SecurityContextHolder.getContext().setAuthentication(token);

Where user service is your thing that implements UserDetailsService

You can write a custom UsernamePasswordAuthenticationFilter that extends Spring's UsernamePasswordAuthenticationFilter.

Here is the code:

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class CustomUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException, ServletException {
        super.successfulAuthentication(request, response, authResult);
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authResult;
        WebAuthenticationDetails details = (WebAuthenticationDetails) token.getDetails();
        String address = details.getRemoteAddress();
        User user = (User) authResult.getPrincipal();
        String userName = user.getUsername();
        System.out.println("Successful login from remote address: " + address + " by username: "+ userName);
    }

    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
        super.unsuccessfulAuthentication(request, response, failed);
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) failed.getAuthentication();
        WebAuthenticationDetails details = (WebAuthenticationDetails) token.getDetails();
        String address = details.getRemoteAddress();
        System.out.println("Failed login try from remote address: " + address);
    }
}