Announcement Announcement Module
Collapse
No announcement yet.
security:authentication-provider is hard-coded for DaoAuthenticationProvider? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • security:authentication-provider is hard-coded for DaoAuthenticationProvider?

    In simplest terms, how do I register custom AuthenticationProviders for spring-security-2.x?

    I'm working with some recent snapshot of spring-webflow-samples/booking-mvc as my starting point, I'm using spring-security-2.0.0-RC1, and I'm struggling with authentication. I'm new to Acegi, so please bear with me. I've commented out the sample "security:authentication-provider" element, and am trying instead to configure a ProviderManager authenticationManager bean. All of my iterations are at best resulting in the following error:
    Code:
    ... ProviderNotFoundException: No AuthenticationProvider found for {0}
    For some background: I didn't have any problems building and running the sample application: I was able to authenticate using the sample security:authentication-provider as provided. I also didn't have any problems hooking my backend in through web-application-config.xml, and I've developed some controllers views which are successfully hitting my backend, producing the results I expect. In order to integrate with the legacy application I'm porting, I found it necessary to implement a custom AuthenticationProvider which extends AbstractUserDetailsAuthenticationProvider. I can't figure out how to configure spring-security to use this provider. Here are some relevant entries in my web-application-config.xml:

    Code:
    <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
      <property name="providers">
        <list>
          <ref local="myAuthenticationProvider" />
        </list>
      </property>
    </bean>
    
    <bean id="myUserDetailsService" class="com.myco.MyUserDetailsService"/>
    
    <bean id="myAuthenticationProvider" class="com.myco.MyAuthenticationProvider"/>
    
    <!-- Configure Spring Security -->
    <security:http auto-config="true">
      <!-- restrict URLs based on role -->
      ...
    
    <!--<security:authentication-provider>
    Notice that I've commented out the security:authentication-provider element because it appears to be hard-coded only to support DaoAuthenticationProvider. Also, the altered application wouldn't run until I implemented MyUserDetailsService, despite the fact the first iteration of my custom AuthenticationProvider didn't require one.

    When I dump the list of beans defined in my application context before I make my changes and after I make my changes, I see the following beans are present in the case which works, and not present in the case which doesn't work:
    Code:
    org.springframework.security.providers.dao.DaoAuthenticationProvider#0
    _userDetailsService
    org.springframework.security.config.AuthenticationProviderBeanDefinitionParser$AuthenticationProviderCacheResolver#0
    Any clues? Is it folly to try to start with spring-security-2.x, rather than making something first work using Acegi-1.0.6?

  • #2
    I asked a moment too soon. When I decorate my AuthenticationProvider like this, it gets picked up.

    Code:
    <bean id="myAuthenticationProvider" class="com.myco.MyAuthenticationProvider">
      <security:custom-authentication-provider/>
    </bean>
    BTW, the variable within the source for this string literal is misspelled: CUSTOM_AUTH_RPOVIDER rather than CUSTOM_AUTH_PROVIDER

    Comment


    • #3
      hey muaddib
      I have a question and an answer for ya.

      Answer: You dont need to use the UserDetailsService in your app. Just remove the auto-config="true" from <security:http auto-config="true"> and it should work fine. Basically auto-config="true" sets up multiple AuthenticationEntryPoints including Remmember-me which needs UserDetailsService .
      Bear in mind u need to add your AuthenticationEntryPoints when u remove the auto-config="true" like this
      <http>
      <intercept-url pattern="/*" access="ROLE_USER" />
      <form-login />
      <anonymous />
      <http-basic />
      <logout />
      </http>

      Question: Can you post all the steps u took to get your customer AuthenticationProvider running.
      I have wrote one and its getting loaded as a bean as well but its not getting called when i get a http request .
      Here are my steps:
      1)added the listiner in the web.xml
      2)Added the following in my securities-context.xml
      <http>
      <intercept-url pattern="/*" access="ROLE_USER" />
      <form-login />
      <anonymous />
      <http-basic />
      <logout />
      </http>

      3)Added the following in my app contect.xml

      <bean id="authenticationManager" class="org.springframework.security.providers.Prov iderManager">
      <property name="providers">
      <list>
      <ref local="apcAuthenticationProvider" />
      </list>
      </property>
      </bean>

      <bean id="apcAuthenticationProvider" class="com.al.aig.ws.icc.APCAuthenticationProvider ">
      <security:custom-authentication-provider />
      </bean>

      4)com.al.aig.ws.icc.APCAuthenticationProvider is as follows:

      public class APCAuthenticationProvider implements AuthenticationProvider{

      private static final Log log = LogFactory.getLog(LdapAuthenticationProvider.class );

      public Authentication authenticate(Authentication authentication)
      throws AuthenticationException {
      System.out.println("*** This is where I can put my own validation.");
      return authentication;
      }

      public boolean supports(Class arg0) {
      // TODO Auto-generated method stub
      return false;
      }

      public APCAuthenticationProvider() {
      System.out.println("*** APCAuthenticationProvider: Constructor .");

      }
      }

      Basically all i am expecting this todo it call my authenticate method when a http request hits this web app.

      Any help is appreciated.

      Comment

      Working...
      X