AutologinService.java

package ca.intelliware.ihtsdo.mlds.service;

import java.util.Collection;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;

import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Service;

import ca.intelliware.ihtsdo.mlds.domain.User;

/**
 * Service to log a user in from application code.
 * @author buckleym
 */
@Service
public class AutologinService {
	@Resource
	UserDetailsService userDetailsService;
	
	@Resource
	HttpServletRequest request;
	
	private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();

	public void loginUser(User user) {
		// force creation of http session so Spring Security can persist the auth on filter exit.
		request.getSession(true);
		
		UserDetails userDetails = userDetailsService.loadUserByUsername(user.getLogin());
		userDetailsChecker.check(userDetails);
		Collection<? extends GrantedAuthority> authorities = userDetails.getAuthorities();
		Authentication authentication = new UsernamePasswordAuthenticationToken(user.getLogin(), "", authorities);
		
		SecurityContextHolder.getContext().setAuthentication(authentication );
	}
}