Announcement Announcement Module
Collapse
No announcement yet.
CustomUserDetailsService can't do @Autowired Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Thanks for your hint! I tried to follow your advice and looked up the spring reference guide, but I'm stuck. I tried to look again at the log files, but I can't see why it's not working.

    If you could take a look at the new logfile, which catches the login execution, that would be great.

    Attachment
    Attached Files
    Last edited by TomBlank; Apr 17th, 2012, 03:56 AM.

    Comment


    • #32
      Solved

      I spent 4 days of trying to fix this injection of my Repository in CustomUserDetailsService and at the end, it turned out to be a bug in Spring Security debug namespace!! I don't know why it's stopping my Repository to be injected but removing debug element from my security fixes this issue.

      PHP Code:
      <!-- DO NOT USE IT -->
      <
      debug /> 
      For those who are looking for a working example, here is what's working for me.

      CustomUserDetailsService.java
      PHP Code:
      @Transactional(readOnly true)
      public class 
      CustomUserDetailsService implements UserDetailsService {

          @
      Autowired
          
      private PersonDAO personDAO;
          
          public 
      UserDetails loadUserByUsername(String email) {

              
      UserDetails user null;
              
      Person person null;
              
              try {            
                  
      person personDAO.getPersonemail );            
                  
      user = new SecurityUserpersonperson.getFirstName()+" "+person.getLastName(), 
                          
      person.getPassword().toLowerCase(), getGrantedAuthoritiesperson.getRoleList() ) );
                  
                  return 
      user;
                  
              } catch (
      Exception e) {
                  
      System.out.println"Exception: "+e.getMessage() );
                  
      System.out.println"Exception: "+e.getCause() );
                  throw new 
      RuntimeException(e);
              }
          }
          
          
          
      /**
           * Wraps {@link String} roles to {@link SimpleGrantedAuthority} objects
           * @param roles {@link String} of roles
           * @return list of granted authorities
           */
          
      public static List<GrantedAuthoritygetGrantedAuthorities(List<Roleroles) {
              List<
      GrantedAuthorityauthorities = new ArrayList<GrantedAuthority>();
              for( 
      Role role roles ) {
                  
      authorities.add( new SimpleGrantedAuthorityrole.getRoleName() ));
              }
              return 
      authorities;
          }

      And here is the security-context.xml
      HTML Code:
      <?xml version="1.0" encoding="UTF-8"?>
      <beans:beans xmlns="http://www.springframework.org/schema/security"
          xmlns:beans="http://www.springframework.org/schema/beans"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xmlns:context="http://www.springframework.org/schema/context"
          xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                              http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
          
          <!-- DON'T USE THIS; INJECTION OF REPOSITORY WILL FAIL! -->
          <!-- debug / -->
          
      
          <global-method-security pre-post-annotations="enabled" />
      
          <http use-expressions="true" auto-config="true">
          	<intercept-url pattern="/account/**" access="hasRole('ROLE_USER')" />
      		
      		<form-login login-page="/auth/login" 
      					authentication-failure-url="/auth/denied" 
      					default-target-url="/contact/feedback" />
      
      		<access-denied-handler error-page="/auth/denied" />
      
      		<logout invalidate-session="true"
      				logout-success-url="/auth/logout"
      				logout-url="/logout"
      				delete-cookies="JSESSIONID" />
      				
              <remember-me />
              
              <session-management invalid-session-url="/">
                  <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
              </session-management>
      
          </http>
      
      	<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
      
      	<beans:bean id="customUserDetailsService" class="com.company.auth.CustomUserDetailsService" />
      
      	<authentication-manager>
      		<authentication-provider user-service-ref="customUserDetailsService">
      			<password-encoder ref="passwordEncoder"/>
      		</authentication-provider>
      	</authentication-manager>	
      
      </beans:beans>

      Comment


      • #33
        Is it related to this bug? That should be fixed in Spring Security 3.1.1 (I did notice that before when looking for solutions but didn't think it was relevant).

        Comment


        • #34
          I would say so. I found it out actually by looking up the issues in Spring Security and came across some bugs in the setup of Spring Security. I also thought, it's all fixed but couldn't resist to give it a try and remove the debug element. All for sudden, the CustomUserDetailsService was working.

          Comment


          • #35
            It is fixed in spring security 3.1.1 but that hasn't been released yet... So you are still on spring security 3.1.0 which has that bug. Switch to a nightly build of spring security and I assume it will be fixed.

            Comment

            Working...
            X