
  • spring 3.1 multiple providers configuration

    Good morning
    I'd like to implement this solution: I want to have two types of authentication (form-login and OpenID login) with Spring Security 3.1.
    I proceeded like this:
    Code:
    <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
      <!-- Spring Security 3.1 namespace configuration: two <http> filter chains (form login and OpenID) plus hand-declared provider beans. -->
      <!--<http pattern="/resources" security="none" /> -->
      <!-- Form-login chain. It has no pattern attribute, so it matches every request, and it has no
           authentication-manager-ref, so it depends on a global <authentication-manager> element;
           the only such element in this file is commented out further down.
           NOTE(review): a chain without a pattern normally has to be the last <http> element,
           after more specific chains such as the /loginopenid* one. Confirm the ordering. -->
      <http auto-config="false" use-expressions="true">
        <!-- The permitAll rules are listed before the broad /**.htm rule; rules are tried in declaration order. -->
        <intercept-url pattern="/login.htm" access="permitAll" />
        <intercept-url pattern="/loginfailed*" access="permitAll" />
        <intercept-url pattern="/home.htm" access="permitAll" />
        <intercept-url pattern="/**.htm" access="hasRole('ROLE_CLOUD_USER')" />
        <form-login login-page="/login.htm" default-target-url="/admin.htm" authentication-failure-url="/loginfailed.htm" always-use-default-target="true"/>
        <logout logout-url="/logout.htm" logout-success-url="/home.htm" />
      </http>
      <!-- OpenID chain, limited to /loginopenid*. It refers to a bean named "authenticationManager",
           which this file defines only inside the commented-out block below. -->
      <http auto-config="true" use-expressions="true" pattern="/loginopenid*" authentication-manager-ref="authenticationManager">
        <openid-login authentication-failure-url="/loginopenidfailed.htm">
          <attribute-exchange>
            <openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" count="2"/>
            <openid-attribute name="name" type="http://schema.openid.net/namePerson/friendly" />
          </attribute-exchange>
        </openid-login>
      </http>
      <!--Authentication Manager <authentication-manager alias="authenticationManager"> <authentication-provider ref="daoAuthenticationProvider"/> <authentication-provider ref="openIDAuthenticationProvider"/> </authentication-manager>-->
      <!-- NOTE(review): org.springframework.security.intercept.web looks like the Spring Security 2.x package;
           in 3.x the class is org.springframework.security.web.access.intercept.FilterSecurityInterceptor. Confirm.
           Neither <http> element above refers to this bean. -->
      <beans:bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
        <beans:property name="authenticationManager" ref="providerManager"/>
      </beans:bean>
      <!-- Hand-built ProviderManager holding both providers. Nothing in the <http> elements points at it,
           so the namespace-generated filters do not use it as written. -->
      <beans:bean id="providerManager" class="org.springframework.security.authentication.ProviderManager">
        <beans:property name="providers">
          <beans:list>
            <beans:ref bean="daoAuthenticationProvider" />
            <beans:ref bean="openIDAuthenticationProvider" />
          </beans:list>
        </beans:property>
      </beans:bean>
      <!--dao authentication provider -->
      <!-- NOTE(review): no passwordEncoder is set on this provider, so the 40-character password values in the
           user-service are presumably compared as literal strings rather than as digests. Confirm against the
           DaoAuthenticationProvider default. -->
      <beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <beans:property name="userDetailsService" ref="userDetailsService" />
      </beans:bean>
      <!--openID authentication provider -->
      <beans:bean id="openIDAuthenticationProvider" class="org.springframework.security.openid.OpenIDAuthenticationProvider">
        <beans:property name="userDetailsService">
          <beans:bean id="openIDUserDS" class="test.security.CloudOpenIDUserDS"/>
        </beans:property>
      </beans:bean>
      <!-- In-memory users. The password values are 40 hex characters, which is the length of a SHA-1 digest.
           Unsalted SHA-1 is too fast to protect passwords; an adaptive hash such as bcrypt is the usual choice,
           and credentials are better kept out of the configuration file. -->
      <user-service id="userDetailsService">
        <user name="abdellah" password="32fe5bbf04adc744455c92fa7b71e9dca8ce729c" authorities="ROLE_CLOUD_USER" />
        <user name="guest" password="35675e68f4b5af7b995d9205ad0fc43842f16450" authorities="ROLE_CLOUD_USER" />
      </user-service>
    </beans:beans>
    In this configuration you can see that I have two providers; the OpenID provider uses a custom userDetailsService.
    Here is the class:
    Code:
    package test.security;
    
    import org.springframework.dao.DataAccessException;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.GrantedAuthorityImpl;
    import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.security.openid.OpenIDAuthenticationToken;
    
    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;
    
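    /**
     * In-memory user lookup for OpenID logins.
     *
     * <p>Maps an OpenID identifier to the authorities granted to it and exposes the lookup through
     * both {@link UserDetailsService} and {@link AuthenticationUserDetailsService}. An identifier
     * that is not registered is reported with {@link UsernameNotFoundException}; neither lookup
     * method returns {@code null}, so a caller that dereferences the result cannot hit a
     * {@code NullPointerException} for an unknown identity.
     */
    public class CloudOpenIDUserDS implements UserDetailsService,
       AuthenticationUserDetailsService<OpenIDAuthenticationToken>
    {
       // OpenID identifier -> authorities granted to that identity. Filled once in the constructor.
       private final Map<String, List<GrantedAuthority>> userAuthorities = new HashMap<String, List<GrantedAuthority>>();
    
       /**
        * Registers the single known OpenID identity together with its authorities.
        */
       public CloudOpenIDUserDS()
       {
          List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
          //this user has the privilege: "customer"
          // NOTE(review): the posted security configuration guards URLs with hasRole('ROLE_CLOUD_USER');
          // an identity that only holds "customer" will not satisfy that expression - confirm the name.
          authorities.add(new GrantedAuthorityImpl("customer"));
          // NOTE(review): the key carries square brackets and a trailing comma. The lookup is an exact
          // string match, so it must equal the identifier the provider passes in - confirm the value.
          this.userAuthorities.put("[http://mykel33.myopenid.com,]", authorities);
       }
    
       /**
        * Looks up the user registered under the given OpenID identifier.
        *
        * @param username the identifier to look up (exact match against the registered keys)
        * @return a {@link User} with an empty password, all account flags enabled and the
        *         authorities registered for the identifier
        * @throws UsernameNotFoundException if the identifier is not registered
        */
       @Override
       public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException
       {
          List<GrantedAuthority> granted = this.userAuthorities.get(username);
          if (granted == null)
          {
             // Fail the authentication explicitly instead of handing null back to the provider.
             throw new UsernameNotFoundException("Unknown OpenID identifier");
          }
          return new User(username, "", true, true, true, true, granted);
       }
    
       /**
        * Resolves the user for an OpenID authentication token by its name.
        *
        * @param tocken the OpenID authentication token
        * @return the user registered under {@code tocken.getName()}
        * @throws UsernameNotFoundException if the token is {@code null} or its name is not registered
        */
       @Override
       public UserDetails loadUserDetails(OpenIDAuthenticationToken tocken) throws UsernameNotFoundException
       {
          if (tocken == null)
          {
             throw new UsernameNotFoundException("No OpenID authentication token supplied");
          }
          // Same lookup as the by-name path, so both interfaces agree on who is a known user.
          return loadUserByUsername(tocken.getName());
       }
    
    }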
    when i deploy the app i always have this stacktrace:

  • #2
    spring 3.1 multiple providers configuration [continue]

    the stack trace is:
    Code:
    	... 41 more
    Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0': Cannot resolve reference to bean 'org.springframework.security.authentication.ProviderManager#0' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authentication.ProviderManager#0': Cannot resolve reference to bean 'org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0': FactoryBean threw exception on object creation; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'org.springframework.security.authenticationManager' is defined: Did you forget to add a gobal  element to your configuration (with child  elements)? Alternatively you can use the authentication-manager-ref attribute on your  and  elements.
    	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
    	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1360)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1118)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
    	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
    	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
    	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
    	... 55 more
    Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authentication.ProviderManager#0': Cannot resolve reference to bean 'org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0': FactoryBean threw exception on object creation; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'org.springframework.security.authenticationManager' is defined: Did you forget to add a gobal  element to your configuration (with child  elements)? Alternatively you can use the authentication-manager-ref attribute on your  and  elements.
    	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
    	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
    	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:616)
    	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1035)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:939)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
    	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
    	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
    	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
    	... 65 more
    Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0': FactoryBean threw exception on object creation; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'org.springframework.security.authenticationManager' is defined: Did you forget to add a gobal  element to your configuration (with child  elements)? Alternatively you can use the authentication-manager-ref attribute on your  and  elements.
    	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:149)
    	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:102)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1441)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:305)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
    	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
    	... 77 more
    Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'org.springframework.security.authenticationManager' is defined: Did you forget to add a gobal <authentication-manager> element to your configuration (with child <authentication-provider> elements)? Alternatively you can use the authentication-manager-ref attribute on your <http> and <global-method-security> elements.
    	at org.springframework.security.config.authentication.AuthenticationManagerFactoryBean.getObject(AuthenticationManagerFactoryBean.java:31)
    	at org.springframework.security.config.authentication.AuthenticationManagerFactoryBean.getObject(AuthenticationManagerFactoryBean.java:20)
    	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:142)
    	... 82 more



    • #3
      Hello,
      I fixed the problem by changing my configuration!! like that:
      Code:
      <beans:beans xmlns="http://www.springframework.org/schema/security"
      xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
      http://www.springframework.org/schem...-beans-3.1.xsd
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-3.1.xsd">
        
        <!-- Spring Security 3.1 namespace configuration: a form-login chain, an OpenID chain and one
             shared <authentication-manager> that lists both providers. -->
        <!--<http pattern="/resources" security="none" /> -->
        
        <!-- Form-login chain. It has no pattern attribute, so it matches every request.
             NOTE(review): intercept-url rules are tried in declaration order and the first match applies;
             with /**.htm listed first, the permitAll rules below it are shadowed for URLs ending in .htm,
             including the login page. -->
        <http auto-config="true" use-expressions="true" >
          <intercept-url pattern="/**.htm" access="hasRole('ROLE_CLOUD_USER')" />
          <intercept-url pattern="/login.htm" access="permitAll" />
          <intercept-url pattern="/loginfailed*" access="permitAll" />
          <intercept-url pattern="/home.htm" access="permitAll" />
          
          
          <form-login login-page="/login.htm"
          default-target-url="/admin.htm"
          authentication-failure-url="/loginfailed.htm"
                      always-use-default-target="true"/>
          <logout logout-url="/logout.htm" logout-success-url="/home.htm" />  
          
        </http>
        
        <!-- OpenID chain. It also has no pattern attribute, so this file declares two chains that
             both match every request; the chain above therefore hides this one.
             NOTE(review): the rule below requires ROLE_CLOUD_USER on /loginopenid* itself. Confirm that
             an unauthenticated visitor can still start the OpenID login. -->
        <http auto-config="false" use-expressions="true" authentication-manager-ref="authenticationManager">
          <intercept-url pattern="/loginopenid*" access="hasRole('ROLE_CLOUD_USER')" />
          <openid-login authentication-failure-url="/loginopenidfailed.htm">
            <attribute-exchange>
              <openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" count="2"/>
              <openid-attribute name="name" type="http://schema.openid.net/namePerson/friendly" />
            </attribute-exchange>
          </openid-login>
        </http>
        
        <!--Authentication Manager -->
        <!-- Global manager; the alias is the name used by authentication-manager-ref on the OpenID chain. -->
        <authentication-manager alias="authenticationManager">
          <authentication-provider ref="daoAuthenticationProvider"/>
          <authentication-provider ref="openIDAuthenticationProvider"/>
        </authentication-manager>
        
        
        <!--dao authentication provider -->
        <!-- Checks form-login credentials against the in-memory user-service, using the passwordEncoder bean below. -->
        <beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
          <beans:property name="userDetailsService" ref="userDetailsService" />
          <beans:property name="passwordEncoder" ref="passwordEncoder" />
        </beans:bean>
        
        <!--openID authentication provider -->
        <!-- Resolves the authenticated OpenID identity through the custom CloudOpenIDUserDS bean. -->
        <beans:bean id="openIDAuthenticationProvider" class="org.springframework.security.openid.OpenIDAuthenticationProvider">
          <beans:property name="userDetailsService" ref="openIDUserDS"/>   
        </beans:bean>  
        
           
          <beans:bean id="openIDUserDS" class="test.security.CloudOpenIDUserDS"/>
        
        <!-- In-memory users. The password values are 40 hex characters, the length of a SHA-1 digest. -->
        <user-service id="userDetailsService">
          <user name="abdellah" password="32fe5bbf04adc744455c92fa7b71e9dca8ce729c" authorities="ROLE_CLOUD_USER" />
          <user name="guest"    password="35675e68f4b5af7b995d9205ad0fc43842f16450" authorities="ROLE_CLOUD_USER" />
        </user-service>
        
        <!-- NOTE(review): ShaPasswordEncoder is declared with no arguments and no salt source is configured
             on the provider, so the stored values are unsalted SHA digests. That is too fast to protect
             passwords; an adaptive hash such as bcrypt is the usual choice, and credentials are better
             kept out of the configuration file. -->
        <beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>
        
      </beans:beans>
      But I now have another problem, less complicated than the old bug:
      Code:
      org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your  namespace or FilterChainProxy bean configuration
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1455)
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
      	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
      	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
      	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
      	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
      	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
      	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:913)
      	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:464)
      	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:384)
      	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
      	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
      	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4206)
      	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4705)
      	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799)
      	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:779)
      	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601)
      	at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1079)
      	at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1002)
      	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:506)
      	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1317)
      	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:324)
      	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
      	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1065)
      	at org.apache.catalina.core.StandardHost.start(StandardHost.java:840)
      	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)
      	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463)
      	at org.apache.catalina.core.StandardService.start(StandardService.java:525)
      	at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
      	at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      	at java.lang.reflect.Method.invoke(Method.java:597)
      	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
      	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
      Caused by: java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
      	at org.springframework.security.config.http.DefaultFilterChainValidator.checkPathOrder(DefaultFilterChainValidator.java:49)
      	at org.springframework.security.config.http.DefaultFilterChainValidator.validate(DefaultFilterChainValidator.java:39)
      	at org.springframework.security.web.FilterChainProxy.afterPropertiesSet(FilterChainProxy.java:148)
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1514)
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452)
      	... 36 more



      • #4
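        I believe it's just the order of precedence that is the issue. The intercept-url patterns are evaluated in the order they are declared and the first match is used, so the specific permitAll rules have to come before the broad '/**.htm' rule.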

        Try changing this:

        Code:
        <http auto-config="true" use-expressions="true" >
            <intercept-url pattern="/**.htm" access="hasRole('ROLE_CLOUD_USER')" />
            <intercept-url pattern="/login.htm" access="permitAll" />
            <intercept-url pattern="/loginfailed*" access="permitAll" />
            <intercept-url pattern="/home.htm" access="permitAll" />
        to this:

        Code:
        <http auto-config="true" use-expressions="true" >
            <intercept-url pattern="/login.htm" access="permitAll" />
            <intercept-url pattern="/loginfailed*" access="permitAll" />
            <intercept-url pattern="/home.htm" access="permitAll" />
            <intercept-url pattern="/**.htm" access="hasRole('ROLE_CLOUD_USER')" />



        • #5
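          This is because you removed the pattern attribute from the first http tag. An http element with no pattern attribute matches every request ('/**'), so it has to be the last http element, and any http element declared before it needs its own pattern.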

