Custom UserDetailsService implementation/deployment problem

[Piotr Falenczyk]

Hello

I've been trying to fight this problem for 3 days now.
I created a custom implementation of UserDetailsService employing SessionBean. Below my application-security.xml config.

Code:

<bean id="loginBean"
		class="org.springframework.jndi.JndiObjectFactoryBean">
		<property name="jndiName" value="ejb/LoginBean/local" />
		<property name="resourceRef" value="false" />
		<property name="expectedType" value="backend.auth.manager.LoginManager" />
	</bean>

<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
		<property name="userDetailsService">
			<bean class="backend.auth.util.LoginBeanWrapper">
				<property name="manager" ref="loginBean" />
			</bean>
		</property>
</bean>

Bean is injected to LoginBeanWrapper instance, and LoginBeanWrapper implements UserDetailsService. Nothing thrilling so far.
Implementation of LoginBeanWrapper is also very simple

Code:

public class LoginBeanWrapper implements UserDetailsService {

	private LoginManager manager;
	
	public UserDetails loadUserByUsername(String userName)
			throws UsernameNotFoundException, DataAccessException {
		return manager.loadUserByUsername(userName);
	}

	public void setManager(LoginManager manager) {
		this.manager = manager;
	}
	
}

Now, when I try to deploy my application, I get:

Cannot convert value of type [backend.auth.util.LoginBeanWrapper] to required type [org.springframework.security.userdetails.UserDetai lsService] for property 'userDetailsService': no matching editors or conversion strategy found

Here, after 3 days of struggling, I would like to ask You for help with my problem.
I'm out of ideas. I've tried to implement my own Authentication provider by extending AbstractUserDetailsAuthenticationProvider, but result was more or less the same - I've got message, that AuthenticationProvider must implement org.springframework.security.providers.Authenticat ionProvider.

I am using Jboss 4.2.3 with java 1.5.0_14. Application uses Spring 2.0.8 and Spring-Security 2.0.4

Best Regards

Piotr Falenczyk

[Luke Taylor]

Sounds like some kind of classloader issue - if the classes do implement the required types and you get a cast exception, then they probably have different classloaders or something. People often forget that the classloader is part of the type definition for a Java class and you will get this kind of unhelpful message when this happens.

Do you really need to use an EJB to provide your login service?

[Piotr Falenczyk]

Hello

Thanks for Your reply. I haven't checked ClassLoaders yet, but I will post a results as soon as I finish.

About the EJB for logging in - it's just the way we are doing database queries/logic in our project. We have to be prepared for a pretty big amount of requests.

You're right - for logging-in purposes, EJB sounds a little bit scarry, but I just want to keep our code manageable by using the same mechanisms.

Best Regards

Piotr Falenczyk

[Piotr Falenczyk]

Hello

Luke - thanks for Your help. The problem was connected with class loaders.

I've misconfigured dependencies in maven, which resulted in 2 different versions of spring being placed in both webapp and ear context.

I hope, I have a chance to return the favor one day.

Best Regards

Piotr Falenczyk

[wand]

Hi Piotr,

i have implemented a cutom DaoAuthenticationProvider which extends the org.springframework.security.providers.dao.DaoAuth enticationProvider class. And i always have the Exception : No ClassLoaders found for: org.springframework.security.providers.dao.DaoAuth enticationProvider. May be is that the same problem you had. Please can you help?

The class is :

package com.mycompany.security;
public class DaoAuthenticationProvider extends
org.springframework.security.providers.dao.DaoAuth enticationProvider {
...

}

and the spring configuration :

<bean id="daoAuthenticationProvider"
class="com.mycompany.security.DaoAuthenticationPro vider">
...

</bean>

I would be very greatfull for any help.

Cheers.
Wand

[Piotr Falenczyk]

Hi Wand

The problem in my case was connected with misplaced jar files. Jar which contains my custom authentication provider implementation was included both in .ear file and .war (inside .ear).

I removed the jar file from war, which fixed the problem.

Hope, this helps You. Please provide more details if You still encounter this problem.

Best Regards

Piotr Faleńczyk

[wand]

Hi Piotr,

thanks for you quick reply. I have solved the problem meanwhile. The cause was a misplacing of my webapp's class files, which were not in the /WEB-INF directory but in the directory above in the hierarchy.

King regards.
Wand