
  • New to Spring - Custom Authentication with UserDetails

    I just implemented AuthenticationProvider and UserDetailsService in two separate classes, and mentioned below is the config I provided in applicationContext.xml

    HTML Code:
    <security:http auto-config='true'>
    		<security:intercept-url pattern="/**" access="ROLE_USER" />
    	</security:http>
    
    	<bean id="m" class="com.samples.auth.MyAuthProvider" />
    	<bean id="us" class="com.samples.auth.MyUserService" />
    	
    	<security:authentication-manager alias="authenticationManager">
    		<security:authentication-provider ref="m" user-service-ref="us">		
    		</security:authentication-provider>
    	</security:authentication-manager>

    Now when I run the app, MyAuthProvider is called but UserService is not.

    Is it the correct way of authenticating?
    How will I load any custom userDetail attribute then?
    Should GrantedAuthorityImpl objects set in MyAuthProvider be the same only as will be set in MyUserService?

    The framework also forced me to set ROLE_ANONYMOUS role also along with ROLE_USER, is it mandatory?

    Please help or guide some simple step by step tutorial

  • #2
    If you are using the latest version, this configuration should give an error. You can't use "ref" and "user-service-ref" together. Use one or the other. You can use multiple <authentication-provider> elements if you have several sources of authentication information.

    I'd recommend you spend some time reading the namespace chapter.



    • #3
      There is no error actually.

      MyAuthenticationProvider is getting called and if username/passwd matches it works, but UserService is not getting called even.

      It seems either of these is called if both are configured - AuthenticationProvider and UserDetailsService??



      • #4
        If you're using the latest version and there's no error, then it's a bug. You should only use one or the other.



        • #5
          Custom Authentication

          Hello, I spent many hours trying to implement a custom authentication provider.

          I'm using the latest version 3.1.0 M2 of the security framework.

          I need my login screen to call a "custom something" which will call a web service to authenticate my user.

          So I think that I should use a Custom Authentication provider. But to use the provider I also need a UserDetailsService, so I implemented one too...

          When I start the server I get this exception :

          framework.beans.factory.BeanCreationException: Error creating bean with name 'customAuthenticationProvider' defined in ServletContext resource [/WEB-INF/applicationContext-security.xml]: Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'userDetailsService' of bean class [com.blc.spring.security.CustomAuthenticationProvider]: Bean property 'userDetailsService' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?


          So what am I doing wrong?

          Regards,

          Carl

          Code:
          public class MyUserDetailsService implements UserDetailsService {
          	 
           
              @Override
              public UserDetails loadUserByUsername(String username)
                      throws UsernameNotFoundException, DataAccessException {
              	User tmpUser = new User("id", "password", true, true, true, true, getAuthorities(true));
              	return tmpUser;
                 
              }
           
              private Collection<GrantedAuthority> getAuthorities(boolean isAdmin) {
                  List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(2);
                  authList.add(new GrantedAuthorityImpl("ROLE_USER"));
                  if (isAdmin) {
                      authList.add(new GrantedAuthorityImpl("ROLE_ADMIN"));
                  }
                  return authList;
              }
           }
          Code:
          public class CustomAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
          
          	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
          		
          		return null;
          	}
          
          	@Override
          	protected void additionalAuthenticationChecks(UserDetails arg0,
          			UsernamePasswordAuthenticationToken arg1)
          			throws AuthenticationException {
          		// TODO Auto-generated method stub
          		
          	}
          
          	@Override
          	protected UserDetails retrieveUser(String arg0,
          			UsernamePasswordAuthenticationToken arg1)
          			throws AuthenticationException {
          		// TODO Auto-generated method stub
          		return null;
          	}
          
          }
          my security.xml config :

          Code:
           
          
            <beans:bean id="customUserDetailsService" class="com.blc.spring.security.MyUserDetailsService">
             </beans:bean>
              
             <beans:bean id="customAuthenticationProvider" class="com.blc.spring.security.CustomAuthenticationProvider"	>
               <beans:property name="userDetailsService"><beans:ref local="customUserDetailsService" /></beans:property>
             </beans:bean> 
             
             <authentication-manager>
             <authentication-provider ref="customAuthenticationProvider" /> 
            </authentication-manager>



          • #6
            Please don't post your questions in old threads - start a new one.

            You are trying to inject a bean into another one in your configuration but there is no setter method available to allow it. Please read up on how basic Spring dependency injection works before trying to use Spring Security.

            Also you don't need to implement a UserDetailsService or extend AbstractUserDetailsAuthenticationProvider. You can just implement the contract from AuthenticationProvider directly.
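
Added example, not part of the thread and not code from any poster or from the Spring Security project: a provider that implements `AuthenticationProvider` directly, as reply #6 suggests, and delegates the credential check to a remote web service. `RemoteAuthClient`, `WebServiceAuthenticationProvider`, the `remoteAuthClient` property and the single `ROLE_USER` grant are assumptions made for illustration; the bean would be referenced with `<authentication-provider ref="..."/>` alone, without `user-service-ref`.

```java
import java.io.IOException;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;

// Hypothetical client for the remote authentication web service (an assumption).
interface RemoteAuthClient {
    boolean verify(String username, String password) throws IOException;
}

public class WebServiceAuthenticationProvider implements AuthenticationProvider {
    private RemoteAuthClient remoteAuthClient;

    // A public setter whose name matches the XML property is what makes
    // <beans:property name="remoteAuthClient" .../> writable; without it the
    // container fails with NotWritablePropertyException.
    public void setRemoteAuthClient(RemoteAuthClient remoteAuthClient) {
        this.remoteAuthClient = remoteAuthClient;
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = authentication.getName();
        Object credentials = authentication.getCredentials();
        if (username == null || username.isEmpty() || credentials == null) {
            throw new BadCredentialsException("Bad credentials");
        }
        boolean accepted;
        try {
            accepted = remoteAuthClient.verify(username, credentials.toString());
        } catch (IOException e) {
            // Fail closed: an unreachable service must never result in a login.
            throw new AuthenticationServiceException("Authentication service unavailable", e);
        }
        if (!accepted) {
            // Same message for unknown user and wrong password (no account enumeration).
            throw new BadCredentialsException("Bad credentials");
        }
        // The three-argument constructor marks the token as authenticated; the
        // password is deliberately not kept in the returned token.
        return new UsernamePasswordAuthenticationToken(username, null,
                AuthorityUtils.createAuthorityList("ROLE_USER"));
    }

    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```

Returning `null` from `authenticate`, as the stub in post #5 does, tells the `AuthenticationManager` that the provider could not decide, so a rejected login has to be signalled with an exception instead.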
