17

I have the following code (attempting to log a user in programatically):

List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new GrantedAuthorityImpl("ROLE_ADMIN"));
...
User tempUser = new User(correctUsername, 
    correctPassword, 
    true, true, true, true, // logging them in...
    authorities // type is List<GrantedAuthority>
);
...
Authentication authentication 
    = new UsernamePasswordAuthenticationToken(tempUser, authorities);
    // I'm using authorities again (List<GrantedAuthority>)
    // is this the right spot for it?
...
// this is the line causing the error
authentication.setAuthenticated(true);

When I try to run that I get the following:

java.lang.IllegalArgumentException: Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead

Note that I'm using the authorities list of GrantedAuthoritys both in the User and Authentication objects. I'm not sure where I should be using those. I'm trying to replicate the answer for another SO question but am running into the exception posted above. Other similar questions that didn't quite answer my question:

After some searching the closest I've found to an answer was at the forum at springsource.org, and that person's using a deprecated method, but it's a similar approach. How can I log a user in programatically?

Improve this question
2
  • 1
    Which line is causing the problem? Commented Nov 14, 2011 at 23:01
  • the last one; with the comment above it that says 'this is the line causing the error (authentication.setAuthenticated(true);) Commented Nov 15, 2011 at 14:34

1 Answer 1

Reset to default
26

You dont have to explicitly call authentication.setAuthenticated(true) (in fact, you are not allowed). The constructor does that for you.

You are, however, invoking the wrong constructor. You should be calling:

Authentication authentication 
    = new UsernamePasswordAuthenticationToken(tempUser, password, authorities);

Check the javadoc for UsernamePasswordAuthenticationToken.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Awesome! thanks very much. Could I ask why both the User and UsernamePasswordAuthenticationToken constructors need a list of grantedauthorities? Anyway it works so I'll accept this when I can
It's two levels of abstraction that happen to collide here. UsernamePasswordAuthenticationToken is concrete version of a an entity that may or may not be authenticated (Authentication). A User is an implementation of a Principal (details of a user) existing independently of any authentication status.
Ran into same issue, assumed that I needed to explicitly call setAuthenticated() method.
So meaning after invoking Authentication authentication = new UsernamePasswordAuthenticationToken(tempUser, password, authorities); I can call authentication.isAuthenticated(), which is expected to return TRUE?
note that user and password should not be null, otherwise isAuthenticated will return false even after calling the constructor with correct authorities

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.