How to link my custom authentication manager

[spamoi]

Hi,

I'm currently developping a webapp with spring security 3.1 and hibernate jpa-2.0

Before I deal with hibernate in the authentication process, I tried with in-memory configuration like that

Code:

<!-- 	<authentication-manager alias="authenticationManager"> -->
<!-- 		<authentication-provider> -->
<!-- 		<user-service> -->
<!-- 			<user authorities="ROLE_USER" name="user" password="user"/> -->
<!-- 			<user authorities="ROLE_ADMIN" name="admin" password="admin"/> -->
<!-- 			<user authorities="ROLE_SM" name="sm" password="sm"/> -->
<!-- 		</user-service> -->
<!-- 		</authentication-provider> -->
<!-- 	</authentication-manager> -->

and it worked perfectly.

Now I want to use what is in my DB. I followed those instructions : http://stackoverflow.com/questions/2...with-hibernate

So I have a good "start-base".
I have the classes : Assembler and UserDetailsService UserDetailsService use my Dao.

in my project-security.xml I replaced the block above by

Code:

<beans:bean id="daoAuthenticationProvider"
           class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
  <beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>

<beans:bean id="authenticationManager"
    class="org.springframework.security.authentication.ProviderManager">
  <beans:property name="providers">
    <beans:list>
      <beans:ref local="daoAuthenticationProvider" />
    </beans:list>
  </beans:property>
</beans:bean>

<authentication-manager>
  <authentication-provider user-service-ref="userDetailsService"/>
</authentication-manager>

but at the execution I get an exception about the filterChains bean :

Code:

SEVERE: Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#1' while setting bean property 'sourceList' with key [1]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#1': Cannot create inner bean '(inner bean)' of type [org.springframework.security.web.authentication.logout.LogoutFilter] while setting constructor argument with key [1]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#3': Cannot resolve reference to bean 'org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices#0' while setting constructor argument with key [1]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices#0': Cannot create inner bean '(inner bean)' while setting bean property 'userDetailsService'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#4': Instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [org.springframework.security.core.userdetails.UserDetailsService org.springframework.security.config.http.UserDetailsServiceFactoryBean.cachingUserDetailsService(java.lang.String)] threw exception; nested exception is org.springframework.context.ApplicationContextException: No UserDetailsService registered.

and I have no clues what to do with it. I didn't modify something about the filterChain or something else.

Any ideas ?

thanks.

[venosov]

Hi, if you'd like to use only DB, you can code something like:

Code:

<bean id="dataSource"
  class="org.springframework.jdbc.datasource.DriverManagerDataSource">
  <property name="driverClassName"
    value="org.apache.derby.jdbc.ClientDriver" />
  <property name="url"
    value="jdbc:derby://localhost:1527/app;create=true" />
  <property name="username" value="app" />
  <property name="password" value="app" />
</bean>
<authentication-manager>
  <authentication-provider>
    <jdbc-user-service data-source-ref="dataSource" />
  </authentication-provider>
</authentication-manager>

Review the configuration of filters in web.xml:

Code:

<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>
    org.springframework.web.filter.DelegatingFilterProxy
  </filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

[spamoi]

Hi,

actually, I'm not using directly a DB, I use orm through hibernate.
I've already found a lot of explication about how to connect a DB to the authentication-provider, but not about how to say to spring security how to deal with hibernate.

And by the way, my filter about springSecurityFilterChain is quiet similar, but I post it anyway.

Code:

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
      <dispatcher>REQUEST</dispatcher>
      <dispatcher>ERROR</dispatcher>
    </filter-mapping>

Before my question goes deep like other questions about the same subject, maybe someone know something about a doc ? What I found in the spring security documentation is only about jdbc.

Thanks !