This week's book giveaway is in the OCPJP forum. We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line! See this thread for details.
How can we achieve auto-login upon registering using spring-security.?
In my application i am having register page at /users/new.
Upon successful registration, i am redirecting the user to new page /users/username which will display user details.
You should store the authentication object in the session. By default, if you put an Authentication in the SecurityContextHolder, Spring will put the authentication object in the session. Next time, the user comes to the website, it will load it from the session. ALso, by default loggiing in stores the authentication in the session, so you don;t have to do anything in the login page yourself. In your case, if you registration page puts the authentication object in the SecurityContextHolder, you might be good to go.
If you want to remember the user beyond the http session, you have to enable Remember-Me authentication. Basically, you have to put the cookie on the user's browser that persists beyond the HTTP session, and link that cookie to the user's login. When user comes to your website again with the cookie, you authenticate the user using the cookie rather than username/password. You can enable Remember me using Spring easily. You will have to build something in the backend to persist the remember me cookie in a database.