How to configure spring security 2.0 to use a custom UserDetailsService?

**hvuoltee** · Apr 17th, 2008, 06:57 AM

I feel quite stupid for having to ask this, but I just wasn't getting anywhere with the docs and google...

How do I configure Spring Security to use my own UserDetailsService implementation? My UserDetailsService is defined in the normal Spring web app context config file (myappname-servlet.xml):

Code:

<bean id="userDetailsService" class="myappname.auth.UserDetailsServiceImpl">
  <property name="dao">
    <ref bean="testDao" />
  </property>
</bean>

I also have another config file, applicationContext-security-ns.xml. In this file I have a simple security setup:

Code:

<http auto-config="true">
  <intercept-url pattern="/secure/admin/**" 
    access="ROLE_ADMIN" />
  <intercept-url pattern="/secure/**"    
    access="IS_AUTHENTICATED_REMEMBERED" />
  <intercept-url pattern="/**"
    access="IS_AUTHENTICATED_ANONYMOUSLY" />
  <form-login login-page="/home.html" />
</http>

<authentication-provider>
  <user-service>
    <user name="user" password="user"
      authorities="ROLE_ADMIN, ROLE_USER" />
  </user-service>
</authentication-provider>

The simple authentication-provider works ok, but trying to refer to my own userDetailsService doesn't work. This has got to be very simple, could someone please show me how to do it?

**Luke Taylor** · Apr 17th, 2008, 07:04 AM

You'll find it in the namespace introduction in the reference guide:

http://static.springframework.org/sp...auth-providers

**hvuoltee** · Apr 20th, 2008, 05:54 AM

Yeah, that's the document I was trying to read, just didn't get it.

I tried replacing the simple static authentication-provider element with a reference to a UserDetailsService bean:

Code:

<authentication-provider user-service-ref="myUserDetailsService"/>

I have the UserDetailsService bean in the appname-servlet.xml:

Code:

<bean id="myUserDetailsService" class="myapp.auth.UserDetailsServiceImpl">
</bean>

This results only in error "No UserDetailsService registered".

Are beans in the application context config (appname-servlet.xml) visible to security-ns.xml? I don't seem to get the relationship between the two config files... Could someone spell it out for me?

**Luke Taylor** · Apr 20th, 2008, 07:08 AM

No, I think don't think beans in the web application context "-servlet.xml" file are visible in the rest of your main applicaion context. That's a basic Spring issue though. It isn't affected by namespaces.

**hvuoltee** · Apr 20th, 2008, 04:33 PM

Ok... So how do I combine the two? My data access objects are in the main config file. It would seem strange to specify database connectivity stuff again in the security context.

**cablepuff** · Apr 20th, 2008, 11:19 PM

In your web.xml configure a ContextLoaderListener.

http://static.springframework.org/sp...rListener.html

wire this in your web.xml.

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:applicationContext*.xml</param-value>
</context-param>

Thread: How to configure spring security 2.0 to use a custom UserDetailsService?

Thread Tools

Display

Hybrid View

How to configure spring security 2.0 to use a custom UserDetailsService?

Posting Permissions