More than one UserDetailsService

[guepardo190889]

Appfuse 1.9.4 update for Work Related to Spring 2.0 and now I have spring-security 2.0.7

I want to do is to give users two ways to login to my application
1. For form (with username and contrasenia)
2. For OpenID (using for that a Google Apps domain)

I have two separate. jsp where one is for normal logue (login.jsp) and the other for OpenID (login_openid.jsp)

The only form logging in, if I comment about the openid works fine, but now that you enable openid does not work with the error "More than one UserDetailsService registered. "

I understand that implements its own UserDetailsService appfuse in Class User.java I put down.

Still unclear to me how to operate openID with Google Apps domains (if you help me on that side will thank you), but for now I wish I could try an in-memory <user_service> to test the normal openID (without using a domain Google Apps yet). The case is not working and I hope your help. Thanks.

My security file:

security.xml

Code:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" 
			xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
			xmlns:beans="http://www.springframework.org/schema/beans"
			xsi:schemaLocation="http://www.springframework.org/schema/beans 
								http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
								http://www.springframework.org/schema/security
								http://www.springframework.org/schema/security/spring-security-2.0.6.xsd">

    <beans:bean id="entryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <beans:property name="loginFormUrl" value="/login.jsp"/>
    </beans:bean>

    <http auto-config="false" entry-point-ref="entryPoint">
        <intercept-url pattern="/login.jsp*" filters="none" />
        <intercept-url pattern="/mainMenu.html" access="ROLE_EMPUM,ROLE_ADMIN,ROLE_USER"/>
        <intercept-url pattern="/**/*.html*" access="ROLE_ADMIN,ROLE_USER"/>
        
        
		<form-login login-page="/login.jsp" 
					authentication-failure-url="/login.jsp?error=true"
					login-processing-url="/j_spring_openid_security_check"/>
        
        <logout logout-url="/logout.jsp" 
        		logout-success-url="/login.jsp" 
        		invalidate-session="true"/>
       	
		<openid-login login-page="/login_openid.jsp" />
    </http>

	<!-- 
	<authentication-provider user-service-ref="userDao">
		<password-encoder ref="passwordEncoder"/>
	</authentication-provider> -->

	<!-- <authentication-manager alias="authenticationManager" /> -->
	
	<beans:bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
		<beans:property name="providers">
			<beans:list>
				<beans:idref bean="userDao"/>
				<beans:ref local="userService"/>
			</beans:list>
		</beans:property>
	</beans:bean>
	
    <!-- <beans:bean id="passwordEncoder" class="org.springframework.security.providers.encoding.ShaPasswordEncoder" /> -->
    
    <global-method-security>
    	<protect-pointcut expression="execution(* mx.edu.um.service.UserManager.getUsers(..))" access="ROLE_ADMIN"/>
    	<protect-pointcut expression="execution(* mx.edu.um.service.UserManager.removeUser(..))" access="ROLE_ADMIN"/>
    </global-method-security>
     
    <beans:bean id="userDao" class="mx.edu.um.dao.hibernate.UserDaoHibernate">
        <beans:property name="sessionFactory" ref="sessionFactory"/>
    </beans:bean>
     
	<user-service id="userService">
		<user name="https://el-azar-ordenado.blogspot.com"
				password="notused"
				authorities="ROLE_ADMIN,ROLE_USER,ROLE_EMPUM"/>
		<user name="http://guepardo190889.myopenid.com"
				password="notused"
				authorities="ROLE_ADMIN,ROLE_USER,ROLE_EMPUM"/>
		<user name="https://www.google.com/accounts/o8/id?id=AItxxioJSDLFJLjxcksdfjOpAASDFosSSoJ0E"
				password=""
				authorities="ROLE_ADMIN,ROLE_USER,ROLE_EMPUM"/>
		</user-service> 
</beans:beans>

The stack trace error:

Code:

[financiero] ERROR [main] ContextLoader.initWebApplicationContext(206) | Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_openIDAuthenticationProvider': Initialization of bean failed; nested exception is org.springframework.security.config.SecurityConfigurationException: More than one UserDetailsService registered. Please use a specific Id in your configuration
Caused by: org.springframework.security.config.SecurityConfigurationException: More than one UserDetailsService registered. Please use a specific Id in your configuration
	at org.springframework.security.config.UserDetailsServiceInjectionBeanPostProcessor.getUserDetailsService(UserDetailsServiceInjectionBeanPostProcessor.java:111)
	at org.springframework.security.config.UserDetailsServiceInjectionBeanPostProcessor.injectUserDetailsServiceIntoOpenIDProvider(UserDetailsServiceInjectionBeanPostProcessor.java:91)
	at org.springframework.security.config.UserDetailsServiceInjectionBeanPostProcessor.postProcessBeforeInitialization(UserDetailsServiceInjectionBeanPostProcessor.java:38)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:302)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1168)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:427)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:249)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:155)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:246)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:291)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:352)
	at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:251)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:190)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
	at mx.edu.um.webapp.listener.StartupListener.contextInitialized(StartupListener.java:48)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3795)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4252)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
	at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:634)
	at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:561)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:496)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1203)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:319)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
	at org.apache.catalina.core.StandardService.start(StandardService.java:448)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)

The class User.java (some methods are omitted)

Code:

package org.appfuse.model;

import java.io.Serializable;
import java.util.HashSet;
import java.util.Set;

import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.userdetails.UserDetails;

public class User extends BaseObject implements Serializable, UserDetails {
    protected Long id;
    protected String username;                    
    protected String password;                    
    protected Set roles = new HashSet();
    protected boolean enabled;
    protected boolean accountExpired;
    protected boolean accountLocked;
    protected boolean credentialsExpired;

    public User() {}

    public User(String username) {
        this.username = username;
    }

    public Long getId() {
        return id;
    }
...
...
    public Set getRoles() {
        return roles;
    }

    public void addRole(Role role) {
        getRoles().add(role);
    }
    
    /**
     * @see org.acegisecurity.userdetails.UserDetails#getAuthorities()
     */
    public GrantedAuthority[] getAuthorities() {
        return (GrantedAuthority[]) roles.toArray(new GrantedAuthority[0]);
    }
    
...
...
}

[Rob Winch]

and now I have spring-security 2.0.7

I assume you mean 2.0.6 since there is no 2.0.7 version. If you can help it, I would try to avoid this version. If possible, use Spring Security 3.0.5.RELEASE.

The only form logging in, if I comment about the openid works fine, but now that you enable openid does not work with the error "More than one UserDetailsService registered. "

I understand that implements its own UserDetailsService appfuse in Class User.java I put down.

To avoid the exception when you have multiple UserDetailsService's you need to specify which one the OpenIDAuthenticationProvider should use. An example is given below:

Code:

<openid-login login-page="/login_openid.jsp" user-service-ref="userDao"/>

Still unclear to me how to operate openID with Google Apps domains (if you help me on that side will thank you), but for now I wish I could try an in-memory <user_service> to test the normal openID (without using a domain Google Apps yet). The case is not working and I hope your help. Thanks.

OpenID4Java uses HttpClient by default which does not play well with Google App Engine. OpenID4Java's latest release now allows swapping out HttpClient. This tutorial demonstrates how to get Spring Security OpenID to work in App Engine by swapping out HttpClient (note in the blog it states that openid4java has not been released, but it has since been released).

[guepardo190889]

thanks for answer...

I corrected my security.xml and now I try to access my application through my mail from my google apps domain: um.edu.mx but not working. This is the error I get:

Security:

Code:

	 
    <http auto-config="false" entry-point-ref="entryPoint">
        <intercept-url pattern="/login.jsp*" filters="none" />
        <intercept-url pattern="/mainMenu.html" access="ROLE_EMPUM,ROLE_ADMIN,ROLE_USER"/>
        <intercept-url pattern="/**/*.html*" access="ROLE_ADMIN,ROLE_USER"/>
		         
		<form-login login-page="/login.jsp" 
					authentication-failure-url="/login.jsp?error=true"
					login-processing-url="/j_spring_security_check"/> 
        
		<openid-login login-page="/login.jsp"
						user-service-ref="userServiceOpenID"
						authentication-failure-url="/login.jsp?error=true"
						login-processing-url="/j_spring_openid_security_check"/>
		 
        <logout logout-url="/logout.jsp" 
        		logout-success-url="/login.jsp" 
        		invalidate-session="true"/>
    </http>

    <authentication-manager alias="authenticationManager" />
	
    <authentication-provider user-service-ref="userDao">
    	<password-encoder ref="passwordEncoder" />
    </authentication-provider>
    
	<user-service id="userServiceOpenID">
		<user name="https://el-azar-ordenado.blogspot.com"
				password="notused"
				authorities="ROLE_ADMIN,ROLE_USER,ROLE_EMPUM"/>
		<user name="http://guepardo190889.myopenid.com/"
				password="notused"
				authorities="ROLE_ADMIN,ROLE_USER,ROLE_EMPUM"/>
				<!-- guepardo190889@gmail.com -->
		<user name="https://www.google.com/accounts/o8/id?id=AItOawl3jFK6g5Li57SfDml16_RAoAZBKBsIXdE" 
				password=""
				authorities="ROLE_ADMIN,ROLE_USER,ROLE_EMPUM"/>
	</user-service>

	<beans:bean id="entryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <beans:property name="loginFormUrl" value="/login.jsp"/>
    </beans:bean> 

	<beans:bean id="userDao" class="mx.edu.um.dao.hibernate.UserDaoHibernate">
        <beans:property name="sessionFactory" ref="sessionFactory"/>
        <!-- <beans:property name="passwordEncoder" ref="passwordEncoder"/> -->
    </beans:bean> 
		
	<beans:bean id="passwordEncoder" class="org.springframework.security.providers.encoding.ShaPasswordEncoder" />
	
	<global-method-security>
    		<protect-pointcut expression="execution(* mx.edu.um.service.UserManager.getUsers(..))" access="ROLE_ADMIN"/>
    		<protect-pointcut expression="execution(* mx.edu.um.service.UserManager.removeUser(..))" access="ROLE_ADMIN"/>
    </global-method-security> 
</beans:beans>

Error:

Code:

[financiero] DEBUG [http-8080-Processor24] OpenIDAuthenticationProcessingFilter.unsuccessfulAuthentication(210) | Updated SecurityContextHolder to contain null Authentication
[financiero] DEBUG [http-8080-Processor24] Discovery.parseIdentifier(113) | Creating URL identifier for: https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx
[financiero] DEBUG [http-8080-Processor24] UrlIdentifier.normalize(112) | Normalized: https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx to: https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx
[financiero] INFO [http-8080-Processor24] Discovery.discover(184) | Starting discovery on URL identifier: https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx
[financiero] DEBUG [http-8080-Processor24] YadisResolver.headXrdsUrl(527) | Performing HTTP HEAD on: https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx ...
[financiero] INFO [http-8080-Processor24] YadisResolver.discover(237) | Yadis discovery failed on https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx, status: 4, error message: I/O transport error: 
[financiero] INFO [http-8080-Processor24] Discovery.discover(201) | No OpenID service endpoints discovered through Yadis; attempting HTML discovery...
[financiero] DEBUG [http-8080-Processor24] HtmlResolver.call(163) | Fetching https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx...
[financiero] ERROR [http-8080-Processor24] OpenIDAuthenticationProcessingFilter.determineFailureUrl(117) | Unable to consume claimedIdentity [https://www.google.com/accounts/o8/site-xrds?hd=um.edu.mx]
org.springframework.security.ui.openid.OpenIDConsumerException: Error during discovery
	at org.springframework.security.ui.openid.consumers.OpenID4JavaConsumer.beginConsumption(OpenID4JavaConsumer.java:75)
	at org.springframework.security.ui.openid.OpenIDAuthenticationProcessingFilter.determineFailureUrl(OpenIDAuthenticationProcessingFilter.java:115)
	at org.springframework.security.ui.openid.OpenIDAuthenticationProcessingFilter.unsuccessfulAuthentication(OpenIDAuthenticationProcessingFilter.java:213)
	at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:263)
	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:406)
	at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:278)
	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:406)
	at org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:406)
	at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:406)
	at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:185)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:183)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:138)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
	at java.lang.Thread.run(Thread.java:662)
Caused by: org.openid4java.discovery.DiscoveryException: Fatal transport error: 
	at org.openid4java.discovery.HtmlResolver.call(HtmlResolver.java:201)
	at org.openid4java.discovery.HtmlResolver.discover(HtmlResolver.java:134)
	at org.openid4java.discovery.Discovery.discover(Discovery.java:204)
	at org.openid4java.discovery.Discovery.discover(Discovery.java:138)
	at org.openid4java.consumer.ConsumerManager.discover(ConsumerManager.java:497)
	at org.springframework.security.ui.openid.consumers.OpenID4JavaConsumer.beginConsumption(OpenID4JavaConsumer.java:73)
	... 31 more
Caused by: java.net.SocketTimeoutException: Read timed out
	at java.net.SocketInputStream.socketRead0(Native Method)
	at java.net.SocketInputStream.read(SocketInputStream.java:129)
	at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
	at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
	at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
	at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
	at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
	at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
	at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)
	at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
	at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
	at org.openid4java.discovery.HtmlResolver.call(HtmlResolver.java:165)
	... 36 more

[guepardo190889]

i'm using openid 0.9.3 and do not upgrade to spring security 3 by problems with the core clasess from appfuse.