Help!! InMemoryDaoImpl does not work.

[bladefenix]

Configure the imMemoryImpl as below

Code:

<bean id="inMemoryImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
		<property name="userMap">
			<value>
			  scott=wombat,enabled,ROLE_TELLER
			</value>
		</property>
</bean>

but it doesn't work. When i type the user name "scott" and password "wombat" in the login page it always throw a Bad credentials exception.
I disable the scott as this:

Code:

<bean id="inMemoryImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
		<property name="userMap">
			<value>
			  scott=wombat,disable,ROLE_TELLER
			</value>
		</property>
</bean>

when i type scott to login ,it will throw a disable creentials exception
but after i enable scott , It totally doen't work throw bad credentials again.
I almost get crazy and have no idea.
What goes wrong??..
below is the whole code

Code:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

<beans>
	<!-- ======================== FILTER CHAIN ======================= -->
	<!--  if you wish to use channel security, add "channelProcessingFilter," in front
		of "httpSessionContextIntegrationFilter" in the list below -->
	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
		<property name="filterInvocationDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT
				/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
			</value>
		</property>
	</bean>

	<!-- ======================== AUTHENTICATION ======================= -->

	<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
		<property name="providers">
			<list>
				<ref local="daoAuthenticationProvider" />
				<ref local="anonymousAuthenticationProvider" />
				<ref local="rememberMeAuthenticationProvider" />
			</list>
		</property>
	</bean>
    <!-- 
	<bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
		<property name="dataSource">
			<ref bean="dataSource" />
		</property>
	</bean>-->

	<bean id="inMemoryImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
		<property name="userMap">
			<value>
			  scott=wombat,enabled,ROLE_TELLER
			</value>
		</property>
	</bean>

	<bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />

	<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
		<property name="userDetailsService">
			<ref local="inMemoryImpl" />
		</property>
		<property name="userCache">
			<ref local="userCache" />
		</property>
		<property name="passwordEncoder">
			<ref local="passwordEncoder" />
		</property>
	</bean>

	<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />

	<bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
		<property name="cacheManager">
			<ref local="cacheManager" />
		</property>
		<property name="cacheName">
			<value>userCache</value>
		</property>
	</bean>

	<bean id="userCache" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
		<property name="cache">
			<ref local="userCacheBackend" />
		</property>
	</bean>

	<!-- Automatically receives AuthenticationEvent messages -->
	<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener" />

	<bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
		<property name="authenticationManager">
			<ref local="authenticationManager" />
		</property>
		<property name="authenticationEntryPoint">
			<ref local="basicProcessingFilterEntryPoint" />
		</property>
	</bean>

	<bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
		<property name="realmName">
			<value>Contacts Realm</value>
		</property>
	</bean>

	<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
		<property name="key">
			<value>foobar</value>
		</property>
		<property name="userAttribute">
			<value>anonymousUser,ROLE_ANONYMOUS</value>
		</property>
	</bean>

	<bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
		<property name="key">
			<value>foobar</value>
		</property>
	</bean>

	<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"></bean>

	<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
		<property name="authenticationManager">
			<ref local="authenticationManager" />
		</property>
		<property name="rememberMeServices">
			<ref local="rememberMeServices" />
		</property>
	</bean>

	<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
		<property name="userDetailsService">
			<ref local="inMemoryImpl" />
		</property>
		<property name="key">
			<value>springRocks</value>
		</property>
	</bean>

	<bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
		<property name="key">
			<value>springRocks</value>
		</property>
	</bean>

	<!-- ===================== HTTP REQUEST SECURITY ==================== -->

	<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
		<property name="authenticationEntryPoint">
			<ref local="authenticationProcessingFilterEntryPoint" />
		</property>
	</bean>

	<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
		<property name="authenticationManager">
			<ref bean="authenticationManager" />
		</property>
		<property name="authenticationFailureUrl">
			<value>/acegilogin.jsp?login_error=1</value>
		</property>
		<property name="defaultTargetUrl">
			<value>/</value>
		</property>
		<property name="filterProcessesUrl">
			<value>/j_acegi_security_check</value>
		</property>
		<property name="rememberMeServices">
			<ref local="rememberMeServices" />
		</property>
	</bean>

	<bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
		<property name="loginFormUrl">
			<value>/acegilogin.jsp</value>
		</property>
		<property name="forceHttps">
			<value>false</value>
		</property>
	</bean>

	<bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
		<property name="allowIfAllAbstainDecisions">
			<value>false</value>
		</property>
		<property name="decisionVoters">
			<list>
				<ref bean="roleVoter" />
			</list>
		</property>
	</bean>

	<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter" />


	<!-- Note the order that entries are placed against the objectDefinitionSource is critical.
		The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
		Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
	<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
		<property name="authenticationManager">
			<ref bean="authenticationManager" />
		</property>
		<property name="accessDecisionManager">
			<ref local="httpRequestAccessDecisionManager" />
		</property>
		<property name="objectDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT 
				/index.html=ROLE_TELLER			</value>
		</property>
	</bean>
</beans>

[Andreas Senft]

I think the parsing of the "userMap" property does not trim whitespaces. So maybe try this:

Code:

<property name="userMap">
    <value>scott=wombat,enabled,ROLE_TELLER</value>
</property>

Or, alternatively

Code:

<property name="userMap" value="scott=wombat,enabled,ROLE_TELLER"/>

Regards,
Andreas

[Andreas Senft]

Forget about the blanks. I just saw you are using a password encoder. This would also require that the password retrieved by the dao is encoded as well. So you have to dpecify the MD5 hash of your password in the userMap.

For testing you might also just remove the encoder to ensure that everything works.

Regards,
Andreas

[bladefenix]

OK It work! after i remove the password encoder
Thanks you Andreas!!
You just like a angel from the heaven. You save me much..

Damn the password encoder..
I spend totally half a day to deal with this problem...

Fortunately It work now.. thank you very much.

[feenixx]

OK It work! after i remove the password encoder
Thanks you Andreas!!
You just like a angel from the heaven. You save me much..

Damn the password encoder..
I spend totally half a day to deal with this problem...

Fortunately It work now.. thank you very much.

lol, read the docs first

you can use md5-hashed passwords too on your acegi configuration file

Code:

<bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
    <property name="userMap">
      <value>
        admin=7de38f3c3d3baa7ca58a366f09577586,ROLE_ADMIN
      </value>
    </property>
  </bean>

<bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>

  <!-- DAO for InMemoryAuthentication -->
  <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService"><ref bean="userDetailsService"/></property>
  	<property name="passwordEncoder"><ref local="passwordEncoder"/></property>
  </bean>

The password for admin is 'secrets'. It's safer to use passwords on plaintext this way.

You can generate correct md5 passwords by using commons-codec

Code:

DigestUtils.md5Hex("secrets")

[bladefenix]

Thank you feenixx
You are right!I will follow your advise