Announcement Announcement Module
Collapse
No announcement yet.
custom UserDetailsService.loadUserByUsername Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • custom UserDetailsService.loadUserByUsername

    In my application a user is identified by 2 columns:
    client
    username

    So I need a custom loadUserByUsername method. Is that possible?

    As a workaround I got three input fields in my login.jsp with ids:
    j_mandt
    j_usernamex
    j_password

    onSubmit is concatenate j_username to
    j_mandt + ":" + j_usernamex

    And in loadUserByUsername I split the string again.

    Can you suggest another solution?

    Thanks
    René

  • #3
    Customize UserDetailsService or CustomUserDetailsService?

    Hello Puneet,

    I guess your question is how to use your own UserDetailsService?
    all you have to do is declare a class which implements UserDetailsManager

    PHP Code:
    public class YourClass implements UserDetailsManager{
            
    /*If you wish you can customize and populate UserDetails as well generally it will have UserName,
     Password (may not be available always), GrantedAuthority[] etc */

            
    public UserDetails loadUserByUsername(String userName){
            
            }

    In the applicationContext.xml the following is the configuration.

    PHP Code:
    <bean id="userServiceImpl" class="com.xyz.security. YourClass " >
            <!-- 
    Any Ioc's if you want-->
        </bean>
    <!--You can use any authentication provider here only thing that you should notice is authentication providers will take userDetailsService -->
    <bean id="authenticationProvider"
              class="org.springframework.security.providers.cas.CasAuthenticationProvider">
            <security:custom-authentication-provider/>
            <property name="userDetailsService" ref="userServiceImpl"/>
            <property name="serviceProperties" ref="serviceProperties"/>
            <property name="ticketValidator">
                <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                    <constructor-arg index="0" value="https://${com.xyz.abc.cas.server.name}/cas"/>
                    <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage"/>
                    <property name="proxyCallbackUrl" value="http://${com.xyz.abc.cas.server.name}/secure/receptor"/>
                </bean>
            </property>
            <property name="key" value="an_id_for_this_auth_provider_only"/>
        </bean> 
    Regards,
    Giridhar Duggirala

    Comment


    • #4
      custom UserDetailsService.loadUserByUsername

      Hi Giridhar!
      First all thanxs for the reply. As told i had customized my UserDetailService class. As i also have 3 login fields in my login page i had customized my AutheticationProcessingFilter to accept another field , so now my AutheticationProcessingFilter is created to accpet 3 fields username, customerId and Password.
      After overriding AutheticationProcessFilter and UserDetailService classes when i run the application my custom AutheticationProcessingFilter class attempt autheticate method is not getting called.
      Do you have any idea, may be i am doing something wrong.



      /*****MYAuthencticationProcessingFilter *********/
      public class MYAuthencticationProcessingFilter extends AuthenticationProcessingFilter
      {
      public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";
      public static final String USERNAME_CUSTOMERID_SEPARATION_KEY = "::";
      private String customerId;

      public MYAuthencticationProcessingFilter ()
      {
      customerId = "customerId";
      }

      public Authentication attemptAuthentication(HttpServletRequest request)
      throws AuthenticationException
      {
      String username = obtainUsername(request);
      String password = obtainPassword(request);
      String customerId = obtainCustomerId(request);
      if(username == null)
      username = "";
      if(password == null)
      password = "";
      if(customerId== null)
      customerId ="";
      username = username.trim();
      username = username + USERNAME_CUSTOMERID_SEPARATION_KEY + customerId;
      UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
      HttpSession session = request.getSession(false);
      if(session != null || getAllowSessionCreation())
      request.getSession().setAttribute("SPRING_SECURITY _LAST_USERNAME", TextUtils.escapeEntities(username));
      setDetails(request, authRequest);
      return getAuthenticationManager().authenticate(authReques t);
      }

      protected String obtainCustomerId(HttpServletRequest request)
      {
      return request.getParameter(customerId);
      }

      public void setCustomerId(String customerId)
      {
      Assert.hasText(customerId, "Customer ID must not be empty or null");
      this.customerId = customerId;
      }
      }

      /********ApplicationContext.xml**********/

      bean id="filterChainProxy" class="org.springframework.security.util.FilterCha inProxy">
      <property name="filterInvocationDefinitionSource">
      <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /**=httpSessionIntegrationFilter,authenticationProc essingFilter,exceptionTranslationFilter
      </value>
      </property>
      </bean>
      <bean id="authenticationProcessingFilter" class="com.xxxxxxxxxx.security.MYAuthencticationPr ocessingFilter ">
      <property name="filterProcessesUrl" value="/monitorvehicle" />
      <property name="authenticationFailureUrl" value="/iFleet/customerLogin.jsp" />
      <property name="defaultTargetUrl" value="/" />
      <property name="authenticationManager" ref="authenticationManager" />
      </bean>

      <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTr anslationFilter">
      <property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
      <property name="accessDeniedHandler" ref="accessDeniedHandler" />
      </bean>

      <bean id="httpSessionIntegrationFilter" class="org.springframework.security.context.HttpSe ssionContextIntegrationFilter" />

      <bean id="authenticationManager" class="org.springframework.security.providers.Prov iderManager">
      <property name="providers">
      <list>
      <ref bean="daoAuthenticationProvider"/>
      </list>
      </property>
      </bean>

      <bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao. DaoAuthenticationProvider">
      <property name="userDetailsService" ref="userDetailsService"/>
      </bean>

      <bean id="userDetailsService" class="com.security.MyUserDetailsService" />

      <bean id="authenticationEntryPoint" class="org.springframework.security.ui.webapp.Auth enticationProcessingFilterEntryPoint">
      <property name="loginFormUrl" value="/customerLogin.jsp" />
      </bean>


      <bean id="accessDeniedHandler" class="org.springframework.security.ui.AccessDenie dHandlerImpl">
      <property name="errorPage" value="/error.html" />
      </bean>


      Regards
      Puneet Baijal
      Last edited by [email protected]; Jan 14th, 2009, 11:30 AM.

      Comment


      • #5
        Add the spring security source jar to your project, then use a debugger. If you put a breakpoint in the AbstractProcessingFilter class doFilterHttp() method you will be able to work out what class is being called and what the issue is.

        And please don't copy and paste your posts in multiple threads throughout the forum.

        Comment


        • #6
          custom UserDetailsService.loadUserByUsername

          Hi Luke!
          Thanxs for the reply. Does the spring security configuration any different if while using Struts 2 in an application.
          Actually my application is a struts 2 based application and i need to integrate Spring security in that. So does it require any different configurations or the configurations would remain the same.

          Comment

          Working...
          X