Announcement Announcement Module
Collapse
No announcement yet.
Spring social with spring security annotation config No authentication provider found Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring social with spring security annotation config No authentication provider found

    Hi,
    I have a multi module maven project. I am using java annotation config on this application. I have integrated the spring security annotation config spring-social example into my application. Unfortunately, I couldn't get it to work properly. Here is the error I'm getting when I try to login with my Facebook login.

    Authentication Failed: No AuthenticationProvider found for org.springframework.social.security.SocialAuthenti cationToken
    Everything seems in place, normal spring security filters work.

    Code:
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeUrls()
                    .antMatchers("/resources/**","/auth/**","/signup/**","/disconnect/facebook").permitAll()
                    .anyRequest().authenticated()
                    .and()
                .addFilterBefore(socialAuthenticationFilter, AbstractPreAuthenticatedProcessingFilter.class)
                .logout()
                    .deleteCookies("JSESSIONID")
                    .logoutUrl("/signout")
                    .permitAll()
                    .and()
                .formLogin()
                    .loginPage("/signin")
                    .loginProcessingUrl("/signin/authenticate")
                    .failureUrl("/signin?param.error=bad_credentials")
                    .permitAll();
        }
    SocialSecurityConfig is same from Spring-security annotation configuration examples
    Code:
    @Configuration
    public class SocialSecurityConfig {
    
        @Inject
        private Environment environment;
    
        @Inject
        private UsersConnectionRepository usersConnectionRepository;
    
        @Bean
        public SocialAuthenticationFilter socialAuthenticationFilter(AuthenticationManager authenticationManager, SocialAuthenticationServiceLocator authenticationServiceLocator) {
            SocialAuthenticationFilter socialAuthenticationFilter = new SocialAuthenticationFilter(authenticationManager, userIdSource(), usersConnectionRepository, authenticationServiceLocator);
            socialAuthenticationFilter.setSignupUrl("/redrum-web/signup"); // TODO: Fix filter to handle in-app paths
    // FIXME add remember me        socialAuthenticationFilter.setRememberMeServices(rememberMeServices);
            return socialAuthenticationFilter;
        }
    
        @Bean
        public SocialAuthenticationProvider socialAuthenticationProvider(UserDetailsService userDetailsService) {
            return new SocialAuthenticationProvider(usersConnectionRepository, socialUsersDetailsService(userDetailsService));
        }
    
        @Bean
        public SocialUserDetailsService socialUsersDetailsService(UserDetailsService userDetailsService) {
            return new SimpleSocialUsersDetailService(userDetailsService);
        }
    
        @Bean
        public UserIdSource userIdSource() {
            return new AuthenticationUserIdExtractor();
        }
    	
    }
    And SocialConfig class... I'm using my own consumer keys and secrets...
    Code:
    @Configuration
    //@Profile("simple")
    @EnableJdbcConnectionRepository
    @EnableTwitter(appId="${twitter.consumerKey}", appSecret="${twitter.consumerSecret}")
    @EnableFacebook(appId="${facebook.clientId}", appSecret="${facebook.clientSecret}")
    //@EnableLinkedIn(appId="${linkedin.consumerKey}", appSecret="${linkedin.consumerSecret}")
    public class SocialConfig {
    
    	@Inject
    	private Environment environment;
    	
    	@Inject
    	private ConnectionFactoryLocator connectionFactoryLocator;
    	
    	@Inject 
    	private ConnectionRepository connectionRepository;
    
    	@Inject 
    	private UsersConnectionRepository usersConnectionRepository;
    
    	@Bean
    	public ConnectController connectController() {
    		ConnectController connectController = new ConnectController(connectionFactoryLocator, connectionRepository);
    //		connectController.addInterceptor(new PostToWallAfterConnectInterceptor());
    //		connectController.addInterceptor(new TweetAfterConnectInterceptor());
    		return connectController;
    	}
    	
    	@Bean
    	public DisconnectController disconnectController() {
    		return new DisconnectController(usersConnectionRepository, environment.getProperty("facebook.clientSecret"));
    	}
    	
    	@Bean
    	public UserIdSource userIdSource() {
    		return new AuthenticationNameUserIdSource();
    	}
    
    }
    I see below log entry, but I have the failure URL set in the security config

    21:47:23.550 [http-bio-8080-exec-9] DEBUG o.s.s.s.SocialAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.Provid erNotFoundException: No AuthenticationProvider found for org.springframework.social.security.SocialAuthenti cationToken
    21:47:23.550 [http-bio-8080-exec-9] DEBUG o.s.s.s.SocialAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
    21:47:23.550 [http-bio-8080-exec-9] DEBUG o.s.s.s.SocialAuthenticationFilter - Delegating to authentication failure handler org.springframework.social.security.SocialAuthenti cationFailureHandler@49aa5056
    21:47:23.550 [http-bio-8080-exec-9] DEBUG o.s.s.w.a.SimpleUrlAuthenticationFailureHandler - No failure URL set, sending 401 Unauthorized error
    21:47:23.550 [http-bio-8080-exec-9] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
    21:47:23.550 [http-bio-8080-exec-9] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
    Last edited by blumm; Jul 13th, 2013, 09:49 PM.

  • #2
    Fixed couple minor problems, my code was exactly same with spring security annotation config social sample

    Some changes that worked for me on that example,
    Diff SocialConfig.class
    Code:
    @@ -75,7 +76,7 @@ public class SocialConfig {
     	
     	@Bean
     	public UserIdSource userIdSource() {
    -		return new AuthenticationNameUserIdSource();
    +		return new AuthenticationUserIdExtractor();
     	}
     
     }
    Also there was a minor problem with logout, added below line on SocialConfig made it work.
    Code:
    +                .logoutSuccessUrl("/signin");
    Last edited by blumm; Jul 14th, 2013, 09:38 PM.

    Comment


    • #3
      Still no luck getting this work. Seems Spring security is messed somehow
      I can see it gets response and profile from Facebook but somehow fails, log excerpt below

      21:26:59.865 [http-bio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /auth/facebook?code=blah at position 3 of 10 in additional filter chain; firing Filter: 'SocialAuthenticationFilter'
      ...........................
      21:27:30.175 [http-bio-8080-exec-5] DEBUG o.s.web.client.RestTemplate - Writing [{client_id=[client], client_secret=[secret], code=[blah], redirect_uri=[http://localhost:8080/myapp/auth/facebook], grant_type=[authorization_code]}] using [org.springframework.social.facebook.connect.Facebo okOAuth2Template$1@1de82e84]
      21:27:32.021 [http-bio-8080-exec-5] DEBUG o.s.web.client.RestTemplate - POST request for "https://graph.facebook.com/oauth/access_token" resulted in 200 (OK)
      .....................
      21:30:33.912 [http-bio-8080-exec-5] DEBUG o.s.s.s.SocialAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.Provid erNotFoundException: No AuthenticationProvider found for org.springframework.social.security.SocialAuthenti cationToken
      21:30:33.912 [http-bio-8080-exec-5] DEBUG o.s.s.s.SocialAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
      ......
      So I can confirm in my security annotation configuration below works
      Code:
      .addFilterBefore(socialAuthenticationFilter, AbstractPreAuthenticatedProcessingFilter.class)
      But somehow I'm getting, "No AuthenticationProvider found for org.springframework.social.security.SocialAuthenti cationToken"???
      I'm pretty sure below beans are working too.
      Code:
      Inside SecurityConfig->
          @Autowired
          private SocialAuthenticationFilter socialAuthenticationFilter;
      
      Inside SocialSecurityConfig->
          @Bean
          public SocialAuthenticationFilter socialAuthenticationFilter(AuthenticationManager authenticationManager, SocialAuthenticationServiceLocator authenticationServiceLocator) {
              SocialAuthenticationFilter socialAuthenticationFilter = new SocialAuthenticationFilter(authenticationManager, userIdSource(), usersConnectionRepository, authenticationServiceLocator);
              socialAuthenticationFilter.setSignupUrl("/myapp/signup"); // TODO: Fix filter to handle in-app paths
              // FIXME add remember me
              //socialAuthenticationFilter.setRememberMeServices(rememberMeServices);
              socialAuthenticationFilter.setEnvironment(environment);
              return socialAuthenticationFilter;
          }
      I'm not seeing how I messed up the security context here, please help if you can see it.
      Thanks

      Comment


      • #4
        A good dinner definitely helps! found the problem.
        Code:
        @Override
            protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
                
            	auth
                    .jdbcAuthentication()
                        .dataSource(dataSource)
                    ............
        	
        >>>>    	auth.authenticationProvider(socialAuthenticationProvider);
            }
        Adding this line to SecurityConfig solves the problem.

        Note: Spring security annotation config social sample is buggy, there are several bugs in that code.

        Comment


        • #5
          Heh! I saw your forum post *late* last night, but was too tired to respond intelligently to it (and, I've not had a chance to try out the new Spring Security JavaConfig stuff yet beyond a very simple example). So, I put it on my mental TODO list to get back with you on it this morning.

          Looks like you've got it figured out, though. Good to hear. And I'll be sure to review *your* work as you've posted it here when I get around to updating my sample to use the new Spring Security JavaConfig option.

          As for the bugs in that sample, be sure to call attention to those in the security forum or in the issue tracker (https://jira.springsource.org/browse/SEC) if you've not done so already.

          Comment


          • #6
            Thanks for reply and the hard work on social module, that turned out to be very useful to me.
            Created https://jira.springsource.org/browse/SEC-2204 as requested.

            Comment

            Working...
            X