method not intercepted while authentication

[maverick]

Hi
i hav implemented my custom UserDetailsService and I am calling a secured method from loadUserByUserName(). But that method is not intercepted here. After the user is authenticated and logs in successfully, if I use that same secured method again it is intercepted. I tried to debug the code but found that chain is empty when that method is called from loadUserByUsername. But chain is populated with MethodSecurityInterceptor if same method is called from some where else.
Is it the feature provided by SpringSecurity to not to intercept method while authentication? or I am making some mistake.
Kindly help.

Thanks

[Andrei Tsibets]

Is your secured method in the same class where loadUserByUserName implementation is?

http://static.springframework.org/sp...ng-aop-proxies

[maverick]

No its not part of that class. Its comlpetely different bean. Actually its a database API.

[maverick]

Does anybody know about the problem i am facing. Please help

[Luke Taylor]

Please add your configuration as an attachment (not inline) - otherwise it's very difficult for people to work out what's happening.

[maverick]

Hi Luke
I hav attached configuration files. As u can see i have intercepted only database api. using this api i fetch user data from db in loadUserByUsername method of UserDetailsService.

[Andrei Tsibets]

Probably issue with AdminVoter.

I have created test-app based on you configuration, and DatabaseAPI is intercepted when it is called from loadUserByUsername. And in this case there is logical exception: authorization mechanism is called before authentication.

Reason: An Authentication object was not found in the SecurityContext.

[maverick]

Hi Andrei
Thanks so much for putting in that much effort.
I think there is no problem with voter. The exception you r getting shows up when u try to access secured method without going thru authentication process with success, as it stores authentication object in security context after authentication success. So every time u try to access secured method it will fetch that authentication object from securityContext.
I m not able to deploy your test application as it is giving me some errors which i fail to understand :

Code:

08:28:36,283 INFO  [STDOUT] 08:28:36,252 ERROR [ContextLoader] Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating
 bean with name 'springSecurityFilterChain' defined in class path resource
 [applicationContext.xml]: Invocation of init method failed; nested exception
 is org.springframework.beans.factory.BeanCreationException: Error creating
 bean with name 'logoutFilter' defined in class path resource
 [applicationContext.xml]: Cannot resolve reference to bean
 'rememberMeServices' while setting constructor argument with key [0];
 nested exception is
 org.springframework.beans.factory.BeanCreationException: Error creating
 bean with name 'rememberMeServices' defined in class path resource
 [applicationContext.xml]: Cannot resolve reference to bean
 'userDetailsService' while setting bean property 'userDetailsService'; nested
 exception is org.springframework.beans.factory.BeanCreationException: Error
 creating bean with name 'userDetailsService' defined in class path resource
 [applicationContext.xml]: Instantiation of bean failed; nested exception is
 org.springframework.beans.BeanInstantiationException: Could not instantiate
 bean class [com.maverick.UserDetailsServiceImpl]: Constructor threw
 exception; nested exception is java.lang.Error: Unresolved compilation
 problems: 
	The import org.springframework cannot be resolved
	The import org.springframework cannot be resolved
	The import org.springframework cannot be resolved
	The import org.springframework cannot be resolved
	UserDetailsService cannot be resolved to a type
	UserDetails cannot be resolved to a type
	UsernameNotFoundException cannot be resolved to a type
	DataAccessException cannot be resolved to a type
	The method retrieve() is undefined for the type IDatabaseAPI

[Andrei Tsibets]

The exception you r getting shows up when u try to access secured method without going thru authentication process with success, as it stores authentication object in security context after authentication success. So every time u try to access secured method it will fetch that authentication object from securityContext.

During authentication process DaoAuthenticationProvider calls UserDetailsService.loadUserByUsername methods, which calls secured method. At this moment there is no authentication object in security context. It will be put in security context later in AuthenticationProcessingFilter after successful authentication.
But loadUserByUsername intercepted via autorization mechanism, that is why authorization is called before successful authentication.

I m not able to deploy your test application as it is giving me some errors which i fail to understand

It is because eclipse .classpath has entries to local maven cache.