Announcement Announcement Module
Collapse
No announcement yet.
More than one UserDetailsService Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • More than one UserDetailsService

    Appfuse 1.9.4 update for Work Related to Spring 2.0 and now I have spring-security 2.0.7

    I want to do is to give users two ways to login to my application
    1. For form (with username and contrasenia)
    2. For OpenID (using for that a Google Apps domain)

    I have two separate. jsp where one is for normal logue (login.jsp) and the other for OpenID (login_openid.jsp)

    The only form logging in, if I comment about the openid works fine, but now that you enable openid does not work with the error "More than one UserDetailsService registered. "

    I understand that implements its own UserDetailsService appfuse in Class User.java I put down.

    Still unclear to me how to operate openID with Google Apps domains (if you help me on that side will thank you), but for now I wish I could try an in-memory <user_service> to test the normal openID (without using a domain Google Apps yet). The case is not working and I hope your help. Thanks.

    My security file:

    security.xml

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security" 
    			xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    			xmlns:beans="http://www.springframework.org/schema/beans"
    			xsi:schemaLocation="http://www.springframework.org/schema/beans 
    								http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
    								http://www.springframework.org/schema/security
    								http://www.springframework.org/schema/security/spring-security-2.0.6.xsd">
    
        <beans:bean id="entryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
            <beans:property name="loginFormUrl" value="/login.jsp"/>
        </beans:bean>
    
        <http auto-config="false" entry-point-ref="entryPoint">
            <intercept-url pattern="/login.jsp*" filters="none" />
            <intercept-url pattern="/mainMenu.html" access="ROLE_EMPUM,ROLE_ADMIN,ROLE_USER"/>
            <intercept-url pattern="/**/*.html*" access="ROLE_ADMIN,ROLE_USER"/>
            
            
    		<form-login login-page="/login.jsp" 
    					authentication-failure-url="/login.jsp?error=true"
    					login-processing-url="/j_spring_openid_security_check"/>
            
            <logout logout-url="/logout.jsp" 
            		logout-success-url="/login.jsp" 
            		invalidate-session="true"/>
           	
    		<openid-login login-page="/login_openid.jsp" />
        </http>
    
    	<!-- 
    	<authentication-provider user-service-ref="userDao">
    		<password-encoder ref="passwordEncoder"/>
    	</authentication-provider> -->
    
    	<!-- <authentication-manager alias="authenticationManager" /> -->
    	
    	<beans:bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
    		<beans:property name="providers">
    			<beans:list>
    				<beans:idref bean="userDao"/>
    				<beans:ref local="userService"/>
    			</beans:list>
    		</beans:property>
    	</beans:bean>
    	
        <!-- <beans:bean id="passwordEncoder" class="org.springframework.security.providers.encoding.ShaPasswordEncoder" /> -->
        
        <global-method-security>
        	<protect-pointcut expression="execution(* mx.edu.um.service.UserManager.getUsers(..))" access="ROLE_ADMIN"/>
        	<protect-pointcut expression="execution(* mx.edu.um.service.UserManager.removeUser(..))" access="ROLE_ADMIN"/>
        </global-method-security>
         
        <beans:bean id="userDao" class="mx.edu.um.dao.hibernate.UserDaoHibernate">
            <beans:property name="sessionFactory" ref="sessionFactory"/>
        </beans:bean>
         
    	<user-service id="userService">
    		<user name="https://el-azar-ordenado.blogspot.com"
    				password="notused"
    				authorities="ROLE_ADMIN,ROLE_USER,ROLE_EMPUM"/>
    		<user name="http://guepardo190889.myopenid.com"
    				password="notused"
    				authorities="ROLE_ADMIN,ROLE_USER,ROLE_EMPUM"/>
    		<user name="https://www.google.com/accounts/o8/id?id=AItxxioJSDLFJLjxcksdfjOpAASDFosSSoJ0E"
    				password=""
    				authorities="ROLE_ADMIN,ROLE_USER,ROLE_EMPUM"/>
    		</user-service> 
    </beans:beans>

    The stack trace error:

    Code:
    [financiero] ERROR [main] ContextLoader.initWebApplicationContext(206) | Context initialization failed
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_openIDAuthenticationProvider': Initialization of bean failed; nested exception is org.springframework.security.config.SecurityConfigurationException: More than one UserDetailsService registered. Please use a specific Id in your configuration
    Caused by: org.springframework.security.config.SecurityConfigurationException: More than one UserDetailsService registered. Please use a specific Id in your configuration
    	at org.springframework.security.config.UserDetailsServiceInjectionBeanPostProcessor.getUserDetailsService(UserDetailsServiceInjectionBeanPostProcessor.java:111)
    	at org.springframework.security.config.UserDetailsServiceInjectionBeanPostProcessor.injectUserDetailsServiceIntoOpenIDProvider(UserDetailsServiceInjectionBeanPostProcessor.java:91)
    	at org.springframework.security.config.UserDetailsServiceInjectionBeanPostProcessor.postProcessBeforeInitialization(UserDetailsServiceInjectionBeanPostProcessor.java:38)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:302)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1168)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:427)
    	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:249)
    	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:155)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:246)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
    	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:291)
    	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:352)
    	at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:251)
    	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:190)
    	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
    	at mx.edu.um.webapp.listener.StartupListener.contextInitialized(StartupListener.java:48)
    	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3795)
    	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4252)
    	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
    	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
    	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
    	at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:634)
    	at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:561)
    	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:496)
    	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1203)
    	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:319)
    	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
    	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
    	at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
    	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
    	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
    	at org.apache.catalina.core.StandardService.start(StandardService.java:448)
    	at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
    	at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
    	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    	at java.lang.reflect.Method.invoke(Method.java:597)
    	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
    	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)

    The class User.java (some methods are omitted)

    Code:
    package org.appfuse.model;
    
    import java.io.Serializable;
    import java.util.HashSet;
    import java.util.Set;
    
    import org.acegisecurity.GrantedAuthority;
    import org.acegisecurity.userdetails.UserDetails;
    
    public class User extends BaseObject implements Serializable, UserDetails {
        protected Long id;
        protected String username;                    
        protected String password;                    
        protected Set roles = new HashSet();
        protected boolean enabled;
        protected boolean accountExpired;
        protected boolean accountLocked;
        protected boolean credentialsExpired;
    
        public User() {}
    
        public User(String username) {
            this.username = username;
        }
    
        public Long getId() {
            return id;
        }
    ...
    ...
        public Set getRoles() {
            return roles;
        }
    
        public void addRole(Role role) {
            getRoles().add(role);
        }
        
        /**
         * @see org.acegisecurity.userdetails.UserDetails#getAuthorities()
         */
        public GrantedAuthority[] getAuthorities() {
            return (GrantedAuthority[]) roles.toArray(new GrantedAuthority[0]);
        }
        
    ...
    ...
    }

  • #2
    Originally posted by guepardo190889 View Post
    and now I have spring-security 2.0.7
    I assume you mean 2.0.6 since there is no 2.0.7 version. If you can help it, I would try to avoid this version. If possible, use Spring Security 3.0.5.RELEASE.

    Originally posted by guepardo190889 View Post
    The only form logging in, if I comment about the openid works fine, but now that you enable openid does not work with the error "More than one UserDetailsService registered. "

    I understand that implements its own UserDetailsService appfuse in Class User.java I put down.
    To avoid the exception when you have multiple UserDetailsService's you need to specify which one the OpenIDAuthenticationProvider should use. An example is given below:
    Code:
    <openid-login login-page="/login_openid.jsp" user-service-ref="userDao"/>

    Originally posted by guepardo190889 View Post
    Still unclear to me how to operate openID with Google Apps domains (if you help me on that side will thank you), but for now I wish I could try an in-memory <user_service> to test the normal openID (without using a domain Google Apps yet). The case is not working and I hope your help. Thanks.
    OpenID4Java uses HttpClient by default which does not play well with Google App Engine. OpenID4Java's latest release now allows swapping out HttpClient. This tutorial demonstrates how to get Spring Security OpenID to work in App Engine by swapping out HttpClient (note in the blog it states that openid4java has not been released, but it has since been released).

    Comment


    • #3
      google apps domain

      thanks for answer...

      I corrected my security.xml and now I try to access my application through my mail from my google apps domain: um.edu.mx but not working. This is the error I get:

      Security:
      Code:
      	 
          <http auto-config="false" entry-point-ref="entryPoint">
              <intercept-url pattern="/login.jsp*" filters="none" />
              <intercept-url pattern="/mainMenu.html" access="ROLE_EMPUM,ROLE_ADMIN,ROLE_USER"/>
              <intercept-url pattern="/**/*.html*" access="ROLE_ADMIN,ROLE_USER"/>
      		         
      		<form-login login-page="/login.jsp" 
      					authentication-failure-url="/login.jsp?error=true"
      					login-processing-url="/j_spring_security_check"/> 
              
      		<openid-login login-page="/login.jsp"
      						user-service-ref="userServiceOpenID"
      						authentication-failure-url="/login.jsp?error=true"
      						login-processing-url="/j_spring_openid_security_check"/>
      		 
              <logout logout-url="/logout.jsp" 
              		logout-success-url="/login.jsp" 
              		invalidate-session="true"/>
          </http>
      
          <authentication-manager alias="authenticationManager" />
      	
          <authentication-provider user-service-ref="userDao">
          	<password-encoder ref="passwordEncoder" />
          </authentication-provider>
          
      	<user-service id="userServiceOpenID">
      		<user name="https://el-azar-ordenado.blogspot.com"
      				password="notused"
      				authorities="ROLE_ADMIN,ROLE_USER,ROLE_EMPUM"/>
      		<user name="http://guepardo190889.myopenid.com/"
      				password="notused"
      				authorities="ROLE_ADMIN,ROLE_USER,ROLE_EMPUM"/>
      				<!-- [email protected] -->
      		<user name="https://www.google.com/accounts/o8/id?id=AItOawl3jFK6g5Li57SfDml16_RAoAZBKBsIXdE" 
      				password=""
      				authorities="ROLE_ADMIN,ROLE_USER,ROLE_EMPUM"/>
      	</user-service>
      
      	<beans:bean id="entryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
              <beans:property name="loginFormUrl" value="/login.jsp"/>
          </beans:bean> 
      
      	<beans:bean id="userDao" class="mx.edu.um.dao.hibernate.UserDaoHibernate">
              <beans:property name="sessionFactory" ref="sessionFactory"/>
              <!-- <beans:property name="passwordEncoder" ref="passwordEncoder"/> -->
          </beans:bean> 
      		
      	<beans:bean id="passwordEncoder" class="org.springframework.security.providers.encoding.ShaPasswordEncoder" />
      	
      	<global-method-security>
          		<protect-pointcut expression="execution(* mx.edu.um.service.UserManager.getUsers(..))" access="ROLE_ADMIN"/>
          		<protect-pointcut expression="execution(* mx.edu.um.service.UserManager.removeUser(..))" access="ROLE_ADMIN"/>
          </global-method-security> 
      </beans:beans>
      Error:
      Code:
      [financiero] DEBUG [http-8080-Processor24] OpenIDAuthenticationProcessingFilter.unsuccessfulAuthentication(210) | Updated SecurityContextHolder to contain null Authentication
      [financiero] DEBUG [http-8080-Processor24] Discovery.parseIdentifier(113) | Creating URL identifier for: https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx
      [financiero] DEBUG [http-8080-Processor24] UrlIdentifier.normalize(112) | Normalized: https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx to: https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx
      [financiero] INFO [http-8080-Processor24] Discovery.discover(184) | Starting discovery on URL identifier: https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx
      [financiero] DEBUG [http-8080-Processor24] YadisResolver.headXrdsUrl(527) | Performing HTTP HEAD on: https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx ...
      [financiero] INFO [http-8080-Processor24] YadisResolver.discover(237) | Yadis discovery failed on https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx, status: 4, error message: I/O transport error: 
      [financiero] INFO [http-8080-Processor24] Discovery.discover(201) | No OpenID service endpoints discovered through Yadis; attempting HTML discovery...
      [financiero] DEBUG [http-8080-Processor24] HtmlResolver.call(163) | Fetching https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx...
      [financiero] ERROR [http-8080-Processor24] OpenIDAuthenticationProcessingFilter.determineFailureUrl(117) | Unable to consume claimedIdentity [https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx]
      org.springframework.security.ui.openid.OpenIDConsumerException: Error during discovery
      	at org.springframework.security.ui.openid.consumers.OpenID4JavaConsumer.beginConsumption(OpenID4JavaConsumer.java:75)
      	at org.springframework.security.ui.openid.OpenIDAuthenticationProcessingFilter.determineFailureUrl(OpenIDAuthenticationProcessingFilter.java:115)
      	at org.springframework.security.ui.openid.OpenIDAuthenticationProcessingFilter.unsuccessfulAuthentication(OpenIDAuthenticationProcessingFilter.java:213)
      	at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:263)
      	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:406)
      	at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:278)
      	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:406)
      	at org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
      	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:406)
      	at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
      	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:406)
      	at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:185)
      	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:183)
      	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:138)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
      	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
      	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
      	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
      	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
      	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
      	at java.lang.Thread.run(Thread.java:662)
      Caused by: org.openid4java.discovery.DiscoveryException: Fatal transport error: 
      	at org.openid4java.discovery.HtmlResolver.call(HtmlResolver.java:201)
      	at org.openid4java.discovery.HtmlResolver.discover(HtmlResolver.java:134)
      	at org.openid4java.discovery.Discovery.discover(Discovery.java:204)
      	at org.openid4java.discovery.Discovery.discover(Discovery.java:138)
      	at org.openid4java.consumer.ConsumerManager.discover(ConsumerManager.java:497)
      	at org.springframework.security.ui.openid.consumers.OpenID4JavaConsumer.beginConsumption(OpenID4JavaConsumer.java:73)
      	... 31 more
      Caused by: java.net.SocketTimeoutException: Read timed out
      	at java.net.SocketInputStream.socketRead0(Native Method)
      	at java.net.SocketInputStream.read(SocketInputStream.java:129)
      	at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
      	at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
      	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798)
      	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
      	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
      	at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
      	at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
      	at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
      	at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
      	at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)
      	at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
      	at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
      	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
      	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
      	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
      	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
      	at org.openid4java.discovery.HtmlResolver.call(HtmlResolver.java:165)
      	... 36 more

      Comment


      • #4
        i'm using openid 0.9.3 and do not upgrade to spring security 3 by problems with the core clasess from appfuse.

        Comment

        Working...
        X