Announcement Announcement Module
Collapse
No announcement yet.
method not intercepted while authentication Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • method not intercepted while authentication

    Hi
    i hav implemented my custom UserDetailsService and I am calling a secured method from loadUserByUserName(). But that method is not intercepted here. After the user is authenticated and logs in successfully, if I use that same secured method again it is intercepted. I tried to debug the code but found that chain is empty when that method is called from loadUserByUsername. But chain is populated with MethodSecurityInterceptor if same method is called from some where else.
    Is it the feature provided by SpringSecurity to not to intercept method while authentication? or I am making some mistake.
    Kindly help.

    Thanks

  • #2
    Is your secured method in the same class where loadUserByUserName implementation is?

    http://static.springframework.org/sp...ng-aop-proxies

    Comment


    • #3
      No its not part of that class. Its comlpetely different bean. Actually its a database API.

      Comment


      • #4
        Does anybody know about the problem i am facing. Please help

        Comment


        • #5
          Please add your configuration as an attachment (not inline) - otherwise it's very difficult for people to work out what's happening.

          Comment


          • #6
            Hi Luke
            I hav attached configuration files. As u can see i have intercepted only database api. using this api i fetch user data from db in loadUserByUsername method of UserDetailsService.

            Comment


            • #7
              Probably issue with AdminVoter.

              I have created test-app based on you configuration, and DatabaseAPI is intercepted when it is called from loadUserByUsername. And in this case there is logical exception: authorization mechanism is called before authentication.

              Reason: An Authentication object was not found in the SecurityContext.

              Comment


              • #8
                Hi Andrei
                Thanks so much for putting in that much effort.
                I think there is no problem with voter. The exception you r getting shows up when u try to access secured method without going thru authentication process with success, as it stores authentication object in security context after authentication success. So every time u try to access secured method it will fetch that authentication object from securityContext.
                I m not able to deploy your test application as it is giving me some errors which i fail to understand :
                Code:
                08:28:36,283 INFO  [STDOUT] 08:28:36,252 ERROR [ContextLoader] Context initialization failed
                org.springframework.beans.factory.BeanCreationException: Error creating
                 bean with name 'springSecurityFilterChain' defined in class path resource
                 [applicationContext.xml]: Invocation of init method failed; nested exception
                 is org.springframework.beans.factory.BeanCreationException: Error creating
                 bean with name 'logoutFilter' defined in class path resource
                 [applicationContext.xml]: Cannot resolve reference to bean
                 'rememberMeServices' while setting constructor argument with key [0];
                 nested exception is
                 org.springframework.beans.factory.BeanCreationException: Error creating
                 bean with name 'rememberMeServices' defined in class path resource
                 [applicationContext.xml]: Cannot resolve reference to bean
                 'userDetailsService' while setting bean property 'userDetailsService'; nested
                 exception is org.springframework.beans.factory.BeanCreationException: Error
                 creating bean with name 'userDetailsService' defined in class path resource
                 [applicationContext.xml]: Instantiation of bean failed; nested exception is
                 org.springframework.beans.BeanInstantiationException: Could not instantiate
                 bean class [com.maverick.UserDetailsServiceImpl]: Constructor threw
                 exception; nested exception is java.lang.Error: Unresolved compilation
                 problems: 
                	The import org.springframework cannot be resolved
                	The import org.springframework cannot be resolved
                	The import org.springframework cannot be resolved
                	The import org.springframework cannot be resolved
                	UserDetailsService cannot be resolved to a type
                	UserDetails cannot be resolved to a type
                	UsernameNotFoundException cannot be resolved to a type
                	DataAccessException cannot be resolved to a type
                	The method retrieve() is undefined for the type IDatabaseAPI

                Comment


                • #9
                  The exception you r getting shows up when u try to access secured method without going thru authentication process with success, as it stores authentication object in security context after authentication success. So every time u try to access secured method it will fetch that authentication object from securityContext.
                  During authentication process DaoAuthenticationProvider calls UserDetailsService.loadUserByUsername methods, which calls secured method. At this moment there is no authentication object in security context. It will be put in security context later in AuthenticationProcessingFilter after successful authentication.
                  But loadUserByUsername intercepted via autorization mechanism, that is why authorization is called before successful authentication.

                  I m not able to deploy your test application as it is giving me some errors which i fail to understand
                  It is because eclipse .classpath has entries to local maven cache.

                  Comment

                  Working...
                  X