
spring security manual login

I am using Spring Security and want to log in my users manually.

My controller looks like this:

    @RequestMapping("/login")
    public String login() {
        Authentication authenticationResult = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user2", "password"));
        SecurityContextHolder.getContext().setAuthentication(authenticationResult);
        return "redirect:/";
    }

I found an example in the docs where such a login is made.

http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#what-is-authentication-in-spring-security

I just wanted to ask whether there are any downsides or security issues with this approach?

EDIT: If someone can point me to the class (& docs?) where the default Spring /login request is handled, it might also answer my question, as I could look at how the login process is implemented internally in Spring.

This is a workaround when we need to do some processing before the user logs in. The actual problem comes when you do the following things. Of course these are not problems :-).

  1. If you are using the Spring remember-me token or custom authentication providers.
  2. When you are using encrypted passwords in your DB.
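
Added example, not part of the original question or answer and not Spring's own code: the default form login is processed by `UsernamePasswordAuthenticationFilter`, and a controller that authenticates by hand bypasses it, so the session ID change and the storing of the security context that surround it are not applied for you. The sketch below does both explicitly; it assumes Spring Security 5.7+ with the `jakarta.servlet` namespace (use `javax.servlet` on older stacks) and an `AuthenticationManager` exposed as a bean, and the class name and `/manual-login` path are hypothetical.

```java
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;

@Controller
public class ManualLoginController { // hypothetical class name

    private final AuthenticationManager authenticationManager;
    private final SecurityContextRepository contextRepository =
            new HttpSessionSecurityContextRepository();

    public ManualLoginController(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    // POST only, credentials from the request body; CSRF protection still applies.
    @PostMapping("/manual-login") // hypothetical path
    public String login(@RequestParam String username, @RequestParam String password,
                        HttpServletRequest request, HttpServletResponse response) {
        Authentication result;
        try {
            // Delegates to the configured providers, so the PasswordEncoder is honoured.
            result = authenticationManager.authenticate(
                    UsernamePasswordAuthenticationToken.unauthenticated(username, password));
        } catch (AuthenticationException e) {
            return "redirect:/login?error"; // same response for every failure reason
        }
        request.getSession(true);   // make sure a session exists
        request.changeSessionId();  // new ID after login (session fixation defence)
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(result);
        SecurityContextHolder.setContext(context);
        contextRepository.saveContext(context, request, response); // persist for later requests
        return "redirect:/";
    }
}
```

Remember-me cookies and authentication success events are still not produced by this path; those are issued by the filter's `RememberMeServices` and success handling, which a manual login has to invoke itself if it needs them.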
