Results 1 to 3 of 3

Thread: Autowire on custom authentication provider doesn't work

  1. Oct 6th, 2011, 05:05 AM #1
    ulsa
    ulsa is offline Senior Member
    Join Date
    Jul 2005
    Location
    Helsingborg, Sweden
    Posts
    504

    Default Autowire on custom authentication provider doesn't work

    A custom authentication provider with @Autowired dependencies doesn't get the dependencies wired. The problem seems to be the <debug /> element. I have a small sample project that demonstrates the problem:

    https://github.com/ulsa/spring-security-wiring

    I'm using Spring Security 3.1.0.RC3. The setup consists of a service interface and a service impl:

    Code:
    public interface MyService {
    Authentication doSomething(Authentication authentication);
}

@Service
public class MyServiceImpl implements MyService {
    @Override
    public Authentication doSomething(Authentication authentication) {
        System.out.println("in MyServiceImpl#doSomething()");
        return authentication;
    }
}
    The service is injected into a custom AuthenticationProvider:

    Code:
    @Component("authenticationProvider")
public class MyappAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private MyService service;

    @Override
    public Authentication authenticate(Authentication authenticationRequest) throws AuthenticationException {
        Authentication authentication = service.doSomething(authenticationRequest);
        if (authentication == null)
            throw new BadCredentialsException("Invalid userid or wrong password");
        return authentication;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
    }
}
    I have a simple root application context which enables component scanning:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
   http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
   http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">

    <context:component-scan base-package="com.jayway.myapp"/>

</beans>
    I have a security context, which is also a root application context:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- comment out this to get autowire working -->
    <debug/>

    <http use-expressions="true">
        <intercept-url pattern="/secure/**" access="isAuthenticated()"/>
        <intercept-url pattern="/**" access="permitAll"/>
        <form-login/>
    </http>

    <authentication-manager>
        <authentication-provider ref="authenticationProvider"/>
    </authentication-manager>

</beans:beans>
    The web.xml loads the contexts and sets up the filter:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <display-name>myapp</display-name>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/myapp-context.xml
            /WEB-INF/security-context.xml
        </param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>
    As I describe in the README.md on GitHub, browsing to the secure part of the site brings up a login page, and upon submit we get a NullPointerException. Commenting out the <debug /> element will solve the problem.

    When printing the stack trace at the point of the MyappAuthenticationProvider constructor for the two scenarios, we get very different results. See README.md for more details.
    Last edited by ulsa; Oct 6th, 2011 at 05:38 AM.
    Ulrik Sandberg
    Jayway (www.jayway.com)
    Spring LDAP project member
    Reply With Quote Reply With Quote
  2. May 9th, 2012, 05:46 AM #2
    Tin Maung Htay
    Tin Maung Htay is offline Junior Member
    Join Date
    May 2012
    Posts
    1

    Default

    You save my day. Thanks
    Reply With Quote Reply With Quote
  3. May 9th, 2012, 08:31 AM #3
    Rob Winch
    Rob Winch is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Posts
    1,826

    Default

    To assist others that hit this thread this will be fixed in 3.1.1 SEC-1911
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules