package ca.intelliware.ihtsdo.mlds.service;
import java.util.Collection;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Service;
import ca.intelliware.ihtsdo.mlds.domain.User;
/**
* Service to log a user in from application code.
* @author buckleym
*/
@Service
public class AutologinService {
@Resource
UserDetailsService userDetailsService;
@Resource
HttpServletRequest request;
private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
public void loginUser(User user) {
// force creation of http session so Spring Security can persist the auth on filter exit.
request.getSession(true);
UserDetails userDetails = userDetailsService.loadUserByUsername(user.getLogin());
userDetailsChecker.check(userDetails);
Collection<? extends GrantedAuthority> authorities = userDetails.getAuthorities();
Authentication authentication = new UsernamePasswordAuthenticationToken(user.getLogin(), "", authorities);
SecurityContextHolder.getContext().setAuthentication(authentication );
}
}