custom UserDetailsService.loadUserByUsername

[guenther.rene]

In my application a user is identified by 2 columns:
client
username

So I need a custom loadUserByUsername method. Is that possible?

As a workaround I got three input fields in my login.jsp with ids:
j_mandt
j_usernamex
j_password

onSubmit is concatenate j_username to
j_mandt + ":" + j_usernamex

And in loadUserByUsername I split the string again.

Can you suggest another solution?

Thanks
René

[puneetbaijal@gmail.com]

Hi!

Can you plz let me know how to customize my UserDetailService.

Regards
Puneet

[gduggirala]

Hello Puneet,

I guess your question is how to use your own UserDetailsService?
all you have to do is declare a class which implements UserDetailsManager

PHP Code:

public class YourClass implements UserDetailsManager{
        /*If you wish you can customize and populate UserDetails as well generally it will have UserName,
 Password (may not be available always), GrantedAuthority[] etc */

        public UserDetails loadUserByUsername(String userName){
        
        }
} 


In the applicationContext.xml the following is the configuration.

PHP Code:

<bean id="userServiceImpl" class="com.xyz.security. YourClass " >
        <!-- Any Ioc's if you want-->
    </bean>
<!--You can use any authentication provider here only thing that you should notice is authentication providers will take userDetailsService -->
<bean id="authenticationProvider"
          class="org.springframework.security.providers.cas.CasAuthenticationProvider">
        <security:custom-authentication-provider/>
        <property name="userDetailsService" ref="userServiceImpl"/>
        <property name="serviceProperties" ref="serviceProperties"/>
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0" value="https://${com.xyz.abc.cas.server.name}/cas"/>
                <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage"/>
                <property name="proxyCallbackUrl" value="http://${com.xyz.abc.cas.server.name}/secure/receptor"/>
            </bean>
        </property>
        <property name="key" value="an_id_for_this_auth_provider_only"/>
    </bean> 


Regards,
Giridhar Duggirala

[puneetbaijal@gmail.com]

Hi Giridhar!
First all thanxs for the reply. As told i had customized my UserDetailService class. As i also have 3 login fields in my login page i had customized my AutheticationProcessingFilter to accept another field , so now my AutheticationProcessingFilter is created to accpet 3 fields username, customerId and Password.
After overriding AutheticationProcessFilter and UserDetailService classes when i run the application my custom AutheticationProcessingFilter class attempt autheticate method is not getting called.
Do you have any idea, may be i am doing something wrong.



/*****MYAuthencticationProcessingFilter *********/
public class MYAuthencticationProcessingFilter extends AuthenticationProcessingFilter
{
public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";
public static final String USERNAME_CUSTOMERID_SEPARATION_KEY = "::";
private String customerId;

public MYAuthencticationProcessingFilter ()
{
customerId = "customerId";
}

public Authentication attemptAuthentication(HttpServletRequest request)
throws AuthenticationException
{
String username = obtainUsername(request);
String password = obtainPassword(request);
String customerId = obtainCustomerId(request);
if(username == null)
username = "";
if(password == null)
password = "";
if(customerId== null)
customerId ="";
username = username.trim();
username = username + USERNAME_CUSTOMERID_SEPARATION_KEY + customerId;
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
HttpSession session = request.getSession(false);
if(session != null || getAllowSessionCreation())
request.getSession().setAttribute("SPRING_SECURITY _LAST_USERNAME", TextUtils.escapeEntities(username));
setDetails(request, authRequest);
return getAuthenticationManager().authenticate(authReques t);
}

protected String obtainCustomerId(HttpServletRequest request)
{
return request.getParameter(customerId);
}

public void setCustomerId(String customerId)
{
Assert.hasText(customerId, "Customer ID must not be empty or null");
this.customerId = customerId;
}
}

/********ApplicationContext.xml**********/

bean id="filterChainProxy" class="org.springframework.security.util.FilterCha inProxy">
<property name="filterInvocationDefinitionSource">
<value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionIntegrationFilter,authenticationProc essingFilter,exceptionTranslationFilter
</value>
</property>
</bean>
<bean id="authenticationProcessingFilter" class="com.xxxxxxxxxx.security.MYAuthencticationPr ocessingFilter ">
<property name="filterProcessesUrl" value="/monitorvehicle" />
<property name="authenticationFailureUrl" value="/iFleet/customerLogin.jsp" />
<property name="defaultTargetUrl" value="/" />
<property name="authenticationManager" ref="authenticationManager" />
</bean>

<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTr anslationFilter">
<property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
<property name="accessDeniedHandler" ref="accessDeniedHandler" />
</bean>

<bean id="httpSessionIntegrationFilter" class="org.springframework.security.context.HttpSe ssionContextIntegrationFilter" />

<bean id="authenticationManager" class="org.springframework.security.providers.Prov iderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider"/>
</list>
</property>
</bean>

<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao. DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>

<bean id="userDetailsService" class="com.security.MyUserDetailsService" />

<bean id="authenticationEntryPoint" class="org.springframework.security.ui.webapp.Auth enticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/customerLogin.jsp" />
</bean>


<bean id="accessDeniedHandler" class="org.springframework.security.ui.AccessDenie dHandlerImpl">
<property name="errorPage" value="/error.html" />
</bean>


Regards
Puneet Baijal

[Luke Taylor]

Add the spring security source jar to your project, then use a debugger. If you put a breakpoint in the AbstractProcessingFilter class doFilterHttp() method you will be able to work out what class is being called and what the issue is.

And please don't copy and paste your posts in multiple threads throughout the forum.

[puneetbaijal@gmail.com]

Hi Luke!
Thanxs for the reply. Does the spring security configuration any different if while using Struts 2 in an application.
Actually my application is a struts 2 based application and i need to integrate Spring security in that. So does it require any different configurations or the configurations would remain the same.