Announcement Announcement Module
Collapse
No announcement yet.
Help with - Spring Security, JAAS, authentication-provider, UserDetailsService Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Help with - Spring Security, JAAS, authentication-provider, UserDetailsService

    Hi,

    I am using Spring Security 2.0.1 with JAAS (J2SE 5) for a web application. I am at a loss to understand how to setup the <authentication-provider> within my security context as it expects a UserDetailsService implementation. All I have is JAAS that is supposed to provide the userDetails/authentication information.

    Here is the snippet from applicationContext.xml
    <bean id="jaasAuthenticationProvider"
    class="org.springframework.security.providers.jaas .JaasAuthenticationProvider">
    <security:custom-authentication-provider/>
    <property name="loginConfig" value="/WEB-INF/login.conf" />
    <property name="loginContextName" value="RDBMSLogin" />
    <property name="callbackHandlers">
    <list>
    <bean
    class="org.springframework.security.providers.jaas .JaasNameCallbackHandler" />
    <bean
    class="org.springframework.security.providers.jaas .JaasPasswordCallbackHandler" />
    </list>
    </property>
    <property name="authorityGranters">
    <list>
    <bean
    class="sample.framework.security.authorization.MyA uthorityGranter" />
    </list>
    </property>
    </bean>


    Here is the securityContext.xml

    <beans:beans xmlns="...">

    <http auto-config='true'>
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login />
    <anonymous />
    <http -basic />
    <logout />
    <remember-me />
    </http >
    <authentication-provider user-service-ref='WHAT-SHOULD-I-PUT-IN-HERE?'/>
    </beans:beans>
    Last edited by arunpsm; Jul 10th, 2008, 02:06 PM. Reason: removed html tags

  • #2
    I might be incorrect, just making an educated guess,

    (Based on from what I can understand from the namespace related documentation in sectoin 2.6 at
    http://static.springframework.org/sp...ns-config.html )
    I would guess you should be able to do the following since you don't need the default registered DaoAuthentication provider or its userDetailsService (since you are providing your own custom Authentication provider bean)

    Code:
    <beans:beans xmlns="...">
    
    	<http  auto-config='true'>
    		<intercept-url pattern="/**" access="ROLE_USER" />
    		<form-login />
    		<anonymous />
    		<http -basic />
    		<logout />
    		<remember-me />
    	</http >
    
    	<bean id="jaasAuthenticationProvider"
    		class="org.springframework.security.providers.jaas.JaasAuthenticationProvider">
    		<security:custom-authentication-provider/>
    		<property name="loginConfig" value="/WEB-INF/login.conf" />
    		<property name="loginContextName" value="RDBMSLogin" />
    		<property name="callbackHandlers">
    			<list>
    				<bean
    					class="org.springframework.security.providers.jaas.JaasNameCallbackHandler" />
    				<bean
    					class="org.springframework.security.providers.jaas.JaasPasswordCallbackHandler" />
    			</list>
    		</property>
    		<property name="authorityGranters">
    			<list>
    				<bean
    					class="sample.framework.security.authorization.MyAuthorityGranter" />
    			</list>
    		</property>
    	</bean>

    Comment


    • #3
      Help with - Spring Security, JAAS, authentication-provider, UserDetailsService

      Thanks robinbajaj. I tried the option you mentioned, but still does not work. It still expects the UserDetailsService implementation. Anyways I will keep trying other options - may be implement UserDetailsService that interfaces with JAAS.

      Comment


      • #4
        Remember-me requires a UserDetailsService, so I'm guessing that's why your configuration isn't working.

        It's always a good idea to check the changelog if you aren't using the latest version. And if you have an exception, then please post it with your question (along with the contextual information from the debug log) as it makes it so much easier to provide correct solutions.

        Comment


        • #5
          I tried this some months ago too without success, and I also got stuck with the authority granter implementation...
          I have no idea what I should implement when using JAAS :s

          and a simple

          Code:
          if ("someuser".equalsIgnoreCase(principle.getName()) 
                // set user role to something
          isn't a very good idea....

          as of this day, even without using remember-me, with the same config for the rest, I did not get JAAS with spring security to work...

          Comment

          Working...
          X