Good example how to use database for user loging / roles

[tkojemile]

Hi,

I have a problem that can't solve googling...
I try to use database for defining user roles.

On this article:
http://www.mularien.com/blog/2008/07...ring-security/
there is good explanation hoe to use this, but I have few questions because I got stupid error.

This is my code/config:

Code:

		<security:authentication-provider>
				<security:jdbc-user-service data-source-ref="dataSource"/>
		</security:authentication-provider>

    <bean id="dataSource"
          class="com.mypack.springsecurity.auth.AuthorizationService">
    </bean>

and bean that is hardcoded, just to try...

Code:

public class AuthorizationService implements UserDetailsService {

	private static Logger log = Logger.getLogger(AuthorizationService.class.getName());
		
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
		log.info("LOGIN-AUTH: " + username);
		
		String userPwd = "21232f297a57a5a743894a0e4a801fc3"; // get pwd of username
		int userId = 1; // get id of username
						
		try {
			log.info("LOGIN-CHECK-PASSWORD: " + username);
			return new User(String.valueOf(userId), userPwd, true, true, true, true, getGrantedAuthorities(userId)); 
		} catch(Exception e) {
			log.info("Failed to login user {" + e.getMessage() + "}");
			return null;
		}
	}
	
	private List<GrantedAuthority> getGrantedAuthorities(int userId) {
		List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>();					
		GrantedAuthority authority = new GrantedAuthorityImpl("SUPER_ADMIN"); 
		authList.add(authority);
		return authList;
	}
}

and this is more/less all that I found for use of database...

but for some reason I got error:

Code:

Caused by: org.springframework.beans.ConversionNotSupportedException: Failed to convert property value of type 'com.mypack.springsecurity.auth.AuthorizationService' to required type 'javax.sql.DataSource' for property 'dataSource'; nested exception is java.lang.IllegalStateException: Cannot convert value of type [com.mypack.springsecurity.auth.AuthorizationService] to required type [javax.sql.DataSource] for property 'dataSource': no matching editors or conversion strategy found
	at org.springframework.beans.BeanWrapperImpl.convertIfNecessary(BeanWrapperImpl.java:462)
	at org.springframework.beans.BeanWrapperImpl.convertForProperty(BeanWrapperImpl.java:499)
	at org.springframework.beans.BeanWrapperImpl.convertForProperty(BeanWrapperImpl.java:493)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.convertForProperty(AbstractAutowireCapableBeanFactory.java:1371)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1330)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
	... 62 more

Is there anything else I need to setup?

In same project I used:

Code:

    <authentication-provider>
        <password-encoder hash="md5"/>
        <user-service>
            <user name="admin" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_ADMIN" />
	    </user-service>
	</authentication-provider>

and it worked fine...

Thanks for answer or some good link!

Vedran

[RogerPf]

I have been treading this path recently. Mularien's book Spring security is great BUT to be honnest I have had difficulity getting any of the examples after chapeter 4 to build and run. The TEXT is however wonderful.

The root I have taken is to use Spring Roo (yes I know it is more work) to generate the core app.

You start by saying you want to a databse for user logging and Role selection (I assume you will want users in their own table too). While you need to find examples of ROO that does this (some do exist) I think you will find that using Roo to create the database saves you much more effort than you will expend on the examples.

I would start from the spring roo documentaion and examples after downloading and installing (the latest) STS 2.7.2

This jira https://jira.springsource.org/browse/ROO-532 may help, espically the "addon" mentioned at the end.

[Rob Winch]

The problem is that you have identified AuthorizationService as a DataSource when in fact it it appears to be a UserDetailsService. Instead try creating a DataSource object. If you look at the Spring Security contacts sample application you will find an example of authenticating users against a database.

[pmularien]

All of these are great suggestions. There are good instructions for building the Spring Security sample applications as Rob suggested, and that would be an excellent place to start. If you want to solve your problem, I would stop coding, read at least some of the concepts covered in the documentation, and pause to understand what your problem is. It should be very obvious if you understand the concepts.

@RogerPf, my apologies if you're having difficulty with the samples in the book! Something I am definitely looking to address as I start to plan the 2nd edition.

[RogerPf]

Hi Peter, Spring Secruity 3 is a fantastic book. I keep going back to it for a clear insights into how it all fits togeather.

As someone who has only recently come to this technology my wish list would be for your second edition to be more STS / maven centric. While I have been learning Spring I have certainly felt that (STS/maven) constrained me into better thinking.

Thanks for writing the book.