Announcement Announcement Module
Collapse
No announcement yet.
Tomcat (JDBCRealm) + Spring @Secured annotation . Do i need authentication-provider ? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Tomcat (JDBCRealm) + Spring @Secured annotation . Do i need authentication-provider ?

    Guys,

    I am stuck with this issue and don't know how to resolve this.

    Tomcat Setup
    1.) I have defined my users and roles in the DB and use JDBCRealm in Tomcat to authenticate.


    Spring Setup
    1.) My method looks like this :

    @Secured({"ROLE_ADMIN","ROLE_MEMBER"})
    public List<Test> execute(Settings settings);

    * The HttpServletRequest object does have the UserPrincipal before i make a call to this execute method. I also see the correct role in UserPrincipal.

    2.) My application-context.xml looks like this :

    <bean id="filterChainProxy" class="org.springframework.security.web.FilterChai nProxy">
    <sec:filter-chain-map path-type="ant">
    <sec:filter-chain pattern="/images/**" filters="none"/>
    <sec:filter-chain pattern="/css/**" filters="none"/>
    <sec:filter-chain pattern="/scripts/**" filters="none"/>
    <sec:filter-chain pattern="/**" filters="httpRequestFilter" />
    </sec:filter-chain-map>
    </bean>
    <bean id="httpRequestFilter" class="com.admin.web.security.Filter"/>

    <sec:global-method-security secured-annotations="enabled" />

    * Spring tells me i need to add an "authentication-provider". If i am already authenticating using JDBCRealm....how can i leverage that ?

    When i did create an "authentication-provider" like shown below, i get a BadCredentialsException.

    <bean id="authenticationManager" class="org.springframework.security.authentication .ProviderManager">
    <property name="providers">
    <list>
    <ref local="daoAuthenticationProvider" />
    </list>
    </property>
    </bean>

    <bean id="daoAuthenticationProvider"
    class="org.springframework.security.authentication .dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService" />
    <property name="hideUserNotFoundExceptions"
    value="false" />
    </bean>

    <sec:authentication-manager>
    <sec:authentication-provider>
    <sec:user-service id="userDetailsService">
    <sec:user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
    </sec:user-service>
    </sec:authentication-provider>
    </sec:authentication-manager>


    Please help !!!

  • #2
    Dont worry about it guys...i figured it out.

    This is what i needed : http://static.springsource.org/sprin...e/preauth.html

    The webapp : "samples/preauth" is extremely helpful.

    Comment

    Working...
    X