Senior Member
Are you implementing the AuthenticationProvider or extending something like AbstractUserDetailsAuthenticationProvider?But I when I use custom AuthenticationProvider, can't hit neither AuthenticationProvider.retrieveUser nor AuthenticationProvider.authenticate.
Is there a way to attach your code?
Amila Domingo
Junior Member
I use your code, that you posted earlier with blank methods. I just added debug breakpoints there:Originally Posted by amiladomingo
Code:public class MyAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider { @Override public UserDetails retrieveUser(String userName, UsernamePasswordAuthenticationToken authentication) { return null; //BREAKPOINT } @Override protected void additionalAuthenticationChecks( org.springframework.security.core.userdetails.UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { int a=0; a++; //BREAKPOINT }
Senior Member
Security configurations are also the same as you posted?
Amila Domingo
Senior Member
Hey, try adding auto-config="true"
Code:<security:http auto-config="true">
Amila Domingo
Junior Member
Yes, but also I use <global-method-security pre-post-annotations="enabled" />
That doesn't help.
Senior Member
This works,
But this doesn'tCode:<security:http auto-config="true"> <security:intercept-url pattern="/js/**" filters="none" /> <security:intercept-url pattern="/images/**" filters="none" /> <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN" /> <security:intercept-url pattern="/secured/**" access="ROLE_SECURED" /> <security:form-login login-page='/login.action' /> </security:http> <security:authentication-manager> <security:authentication-provider> <security:user-service> <security:user name="jimi" password="jimi" authorities="ROLE_ADMIN" /> <security:user name="bob" password="bob" authorities="ROLE_SECURED" /> </security:user-service> </security:authentication-provider> </security:authentication-manager>
That's weiredCode:<security:http auto-config="true"> <security:intercept-url pattern="/js/**" filters="none" /> <security:intercept-url pattern="/images/**" filters="none" /> <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN" /> <security:intercept-url pattern="/secured/**" access="ROLE_SECURED" /> <security:form-login login-page='/login.action' /> </security:http> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider ref="authenticationProvider" /> </security:authentication-manager> <bean id="authenticationProvider" class="com.AuthenticationProvider"/>
Amila Domingo
Senior Member
Could you please post your most recent configuration file for Spring Security? If you have configured your AuthenticationProvider implementation correctly, it should be hitting the retrieveUser method.
A couple other sanity checks:
- You say your debugger never hits the breakpoint. Try setting a breakpoint somewhere you *know* it will hit, for example, in UsernamePasswordAuthenticationFilter. Does the breakpoint fire?
- Are you using "Remember Me"? If you are, and you are bypassing the login form, then your provider will not be called.
- You say it works if you are using the hard-coded usernames and passwords (from InMemoryDaoImpl). When you test your custom authentication provider, are you removing all other configured authentication providers?
- What exactly is your custom AuthenticationProvider _doing_?
Thanks in advance! Please answer all questions completely so we can help you better.
Peter Mularien | Blog
Author, Spring Security 3 (Book) - Packt Publishing, Available in print and eBook form
SCJP 5, Oracle DBA
Any postings are my own opinion, and should not be attributed to my employer or clients.
Junior Member
Here are all my recent configurations:
web.xml:
applicationContext-security:Code:<?xml version="1.0" encoding="UTF-8"?> <web-app id="WebApp_9" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> <display-name>Struts Blank</display-name> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/applicationContext.xml /WEB-INF/applicationContext-security.xml classpath:corp-spring* </param-value> </context-param> <filter> <filter-name>struts2</filter-name> <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class> </filter> <filter-mapping> <filter-name>struts2</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <welcome-file-list> <welcome-file>index.html</welcome-file> </welcome-file-list> <listener> <listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class> </listener> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> </web-app>
In jsp for test purposes I use simple html form:Code:<beans xmlns:security="http://www.springframework.org/schema/security" xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd"> <security:http auto-config="true"> <security:intercept-url pattern="/js/**" filters="none"/> <security:intercept-url pattern="/images/**" filters="none"/> <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN" /> <security:intercept-url pattern="/secured/**" access="ROLE_SECURED" /> <security:form-login login-page='/login.action' default-target-url='/dashboard.action'/> </security:http> <security:authentication-manager> <security:authentication-provider ref="myAuthenticationProvider"/> </security:authentication-manager> <bean id="myAuthenticationProvider" class="com.colvir.portal.security.MyAuthenticationProvider"/> </beans>
MyAuthenticationProvider you can see in my upper post. Now it's doing nothing. But I want to call there my service method UserService.authentificate(String username, String password).Code:<form action="j_spring_security_check" name="myform" method="post"> <input type="text" name="j_username" value="aaa"> <input type="text" name="j_password" value="bbb"> <input name="Submit" type=submit value="Submit"> </form>
Senior Member
One thing I notice is that you don't have intercept-url patterns covering your whole application (I assume). What happens when you enter credentials in your login form? Do you get logged in? Do you get an error? What page do you end up at?
Also, try turning on DEBUG level logging for org.springframework.security - it may help you out.
Please answer all my questions when you reply next - thanks!
Peter Mularien | Blog
Author, Spring Security 3 (Book) - Packt Publishing, Available in print and eBook form
SCJP 5, Oracle DBA
Any postings are my own opinion, and should not be attributed to my employer or clients.
Senior Member
Spring Team
In the first post the code did not extend AbstractUserDetailsAuthenticationProvider and so you would need to ensure that MyAuthenticationProvider.supports returns true for supporting a UsernamePasswordAuthenticationToken. An example can be found in the AbstractUserDetailsAuthenticationProvider.supports method. Now that you are extending AbstractUserDetailsAuthenticationProvider the method is already implemented correctly for you. Given that, I would doubt this is your issue.
I recommend that you follow Peter's (pmularien) steps especially enabling debugging. If looking at the logs does not help you, paste your logs on the forum and that will likely be enough for someone to assist you.
Posting Permissions
Reply With Quote