Spring Boot login programmatically

Important:
First you need a custom password encoder for your spring boot project, so you can log in using your user credentials. READ HERE - custom password encoder for spring boot.

Setup Spring Security

Expose context of org.springframework.security.authentication.AuthenticationManager from security config class to be used in LoginController

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
public class SecurityConfig {
  @Autowired
  private UserDetailsService userDetailsService;
  @Autowired
  DataSource dataSource;

  @Bean
  public static CustomPassword passwordEncoder() {
    return new CustomPassword("passwordEncoder");
  }

  @Bean
  public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
    return http.getSharedObject(AuthenticationManagerBuilder.class)
        .build();
  }
}

Setup Controller

add custom fields to your @Controller class like my LoginController below.

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.stereotype.Controller;
import org.springframework.beans.factory.annotation.Autowired;

@Controller
public class LoginController {
  @Autowired
  private UserService userService;
  private CustomPassword passwordEncoder;
  private AuthenticationManager authenticationManager;

  public LoginController(UserService userService, CustomPassword passwordEncoder, AuthenticationManager authenticationManager) {
      this.userService = userService;
      this.passwordEncoder = passwordEncoder;
      this.authenticationManager = authenticationManager;
  }
}

Create endpoint mapping

create new url mapping for authenticate the given identifier to valid session token.

@RequestMapping(value = "/login/{uuid}", produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
public String loginUUID(@PathVariable String uuid, HttpServletRequest request, HttpServletResponse response) {
    JSONObject jsonObject = new JSONObject();
    Optional<User> find = Optional.ofNullable(userService.findUserByEmail(uuid));
    SecurityContext securityContext = SecurityContextHolder.getContext();
    if (find.isPresent()) {
        User user = find.get();
        String password = passwordEncoder.decode(user.getPassword());
        String email = user.getEmail();
        jsonObject.put("email", user.getEmail());
        try {
            UsernamePasswordAuthenticationToken loginToken = new UsernamePasswordAuthenticationToken(email,
                    password);
            Authentication authenticatedUser = authenticationManager.authenticate(loginToken);
            securityContext.setAuthentication(authenticatedUser);
            HttpSession session = request.getSession(true);
            session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
        } catch (Exception e) {
            System.err.println("Error while login");
        }
    }
    Authentication authentication = securityContext.getAuthentication();
    if (authentication != null) {
        jsonObject.put("is login", authentication.isAuthenticated());
        jsonObject.put("authorities", authentication.getAuthorities());
        jsonObject.put("authorities has admin", authentication.getAuthorities().stream()
                .anyMatch(a -> a.getAuthority().toLowerCase(Locale.ROOT).contains("admin")));
    }
    return jsonObject.toString();
}

above codes will return content-type: application/json

Full codes sample

full my sample codes login programmatically with custom password encoder for spring boot.

package web.user;

import java.util.Locale;
import java.util.Optional;

import org.json.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import web.CustomPassword;

@Controller
public class LoginController {
    @Autowired
    private UserService userService;
    private CustomPassword passwordEncoder;
    private AuthenticationManager authenticationManager;

    public LoginController(UserService userService, CustomPassword passwordEncoder,
            AuthenticationManager authenticationManager) {
        this.userService = userService;
        this.passwordEncoder = passwordEncoder;
        this.authenticationManager = authenticationManager;
    }

    @RequestMapping(value = "/login/{uuid}", produces = MediaType.APPLICATION_JSON_VALUE)
    @ResponseBody
    public String loginUUID(@PathVariable String uuid, HttpServletRequest request, HttpServletResponse response) {
        JSONObject jsonObject = new JSONObject();
        Optional<User> find = Optional.ofNullable(userService.findUserByUuid(uuid));
        SecurityContext securityContext = SecurityContextHolder.getContext();
        if (find.isPresent()) {
            User user = find.get();
            String password = passwordEncoder.decode(user.getPassword());
            String email = user.getEmail();
            jsonObject.put("email", user.getEmail());
            try {
                UsernamePasswordAuthenticationToken loginToken = new UsernamePasswordAuthenticationToken(email,
                        password);
                Authentication authenticatedUser = authenticationManager.authenticate(loginToken);
                securityContext.setAuthentication(authenticatedUser);
                HttpSession session = request.getSession(true);
                session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
            } catch (Exception e) {
                System.err.println("Error while login");
            }
        }
        Authentication authentication = securityContext.getAuthentication();
        if (authentication != null) {
            jsonObject.put("is login", authentication.isAuthenticated());
            jsonObject.put("authorities", authentication.getAuthorities());
            jsonObject.put("authorities has admin", authentication.getAuthorities().stream()
                    .anyMatch(a -> a.getAuthority().toLowerCase(Locale.ROOT).contains("admin")));
        }
        return jsonObject.toString();
    }
}

Conclusion

this are important part for Spring Boot login programmatically, for full spring application project with Spring Boot login programmatically implementation you can view my sample project on Github.