Results 1 to 2 of 2

Thread: Tomcat (JDBCRealm) + Spring @Secured annotation . Do i need authentication-provider ?

  1. Jan 19th, 2012, 09:57 AM #1
    verderaul
    verderaul is offline Junior Member
    Join Date
    Jan 2012
    Posts
    2

    Default Tomcat (JDBCRealm) + Spring @Secured annotation . Do i need authentication-provider ?

    Guys,

    I am stuck with this issue and don't know how to resolve this.

    Tomcat Setup
    1.) I have defined my users and roles in the DB and use JDBCRealm in Tomcat to authenticate.


    Spring Setup
    1.) My method looks like this :

    @Secured({"ROLE_ADMIN","ROLE_MEMBER"})
    public List<Test> execute(Settings settings);

    * The HttpServletRequest object does have the UserPrincipal before i make a call to this execute method. I also see the correct role in UserPrincipal.

    2.) My application-context.xml looks like this :

    <bean id="filterChainProxy" class="org.springframework.security.web.FilterChai nProxy">
    <sec:filter-chain-map path-type="ant">
    <sec:filter-chain pattern="/images/**" filters="none"/>
    <sec:filter-chain pattern="/css/**" filters="none"/>
    <sec:filter-chain pattern="/scripts/**" filters="none"/>
    <sec:filter-chain pattern="/**" filters="httpRequestFilter" />
    </sec:filter-chain-map>
    </bean>
    <bean id="httpRequestFilter" class="com.admin.web.security.Filter"/>

    <sec:global-method-security secured-annotations="enabled" />

    * Spring tells me i need to add an "authentication-provider". If i am already authenticating using JDBCRealm....how can i leverage that ?

    When i did create an "authentication-provider" like shown below, i get a BadCredentialsException.

    <bean id="authenticationManager" class="org.springframework.security.authentication .ProviderManager">
    <property name="providers">
    <list>
    <ref local="daoAuthenticationProvider" />
    </list>
    </property>
    </bean>

    <bean id="daoAuthenticationProvider"
    class="org.springframework.security.authentication .dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService" />
    <property name="hideUserNotFoundExceptions"
    value="false" />
    </bean>

    <sec:authentication-manager>
    <sec:authentication-provider>
    <sec:user-service id="userDetailsService">
    <sec:user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
    </sec:user-service>
    </sec:authentication-provider>
    </sec:authentication-manager>


    Please help !!!
    Reply With Quote Reply With Quote
  2. Jan 20th, 2012, 09:17 AM #2
    verderaul
    verderaul is offline Junior Member
    Join Date
    Jan 2012
    Posts
    2

    Default

    Dont worry about it guys...i figured it out.

    This is what i needed : http://static.springsource.org/sprin...e/preauth.html

    The webapp : "samples/preauth" is extremely helpful.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules