Geek Answers Handbook

Spring - Security: how are login and password associated with authentication provider?

I am new to spring and spring security,

I understood how beans are created and referenced in xml files. I need to provide security with spring in my application.

I have included my own applicationContext-security.xml file in my web.xml: contextConfigLocation

in this file, I intercepted the url patterns using

<intercept-url pattern='/**.something' access="IS_AUTHENTICATED_FULLY"/>

inside an element.

I installed the login form as now, if the page is not authorized, it shows me my own Login.html page.

Now for the problems I am facing:

  • How to specify my registration form for submitting its value to spring?
  • How to use my own authentication provider?

I tried this:

 <authentication-provider user-service-ref="userDetailsService"/> <beans:bean id = "userDetailsService" class ="com.somepath.CustomAuthenticationProvider"> <custom-authentication-provider/> </beans:bean>

where CustomAuthenticationProvider implements AuthenticationProvider

but the code causes an error: Error creating a bean named "_filterChainProxy" .... No registration of UserDetailsService

Please, help

+6
security spring-security gwt
source share
2 answers

1: How to specify my registration form for submitting its value to spring?

After configuring the standard spring filter in web.xml for spring security, use some default settings configured with the <http> . An AuthenticationProcessingFilter instance is created for you as part of the filter chain.

By default, AuthenticationProcessingFilter configured to read j_username and j_password as a username / password token.

To override this, replace the AuthenticationProcessingFilter setting with the default value by doing the following:

 <bean id="myAuthFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter" > <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/><!–-replace the default one-–> <property name="usernameParameter" value="myUsername"/><!-- myUsername is the name of the input tag where user enter their username on the HTML page --> <property name="passwordParameter" value="myPassword" /><!–- myPassword is the name of the input tag where user enter their password on the HTML page -–> </bean>

See also JavaDoc of AuthenticationProcessingFilter for more information: http://static.springsource.org/spring-security/site/apidocs/org/springframework/security/ui/webapp/AuthenticationProcessingFilter.html

2: How to use my own authentication provider?

Using the following code:

 <bean id="myAuthenticationProvider" class="com.something.MyAuthenticationProvider"> <security:custom-authentication-provider /> </bean>

<security:custom-authentication-provider /> is a tag that lets spring know that it is a custom provider, and Authentication Manager should use it in its provider chain.

Source: http://static.springsource.org/spring-security/site/docs/2.0.x/reference/appendix-namespace.html#d4e3379

3: Concerning the problem with the metal framing of the code "_filterChainProxy" ... No registration of UserDetailsService ... '

Is com.somepath.CustomAuthenticationProvider implementation of the UserDetailService interface?

+7
source share

I'm a little new to Spring, but I will try to help you. Interception-url looks great.

I do not think the authenticator provider is right. Take a look at my code:

  <beans:bean id="MyUserDetailsService" class="path.to.MyAuthenticationService"/> 

 <beans:bean id="userDetailsService" class="org.springframework.security.userdetails.hierarchicalroles.UserDetailsServiceWrapper" > <beans:property name="roleHierarchy" ref="roleHierarchy" /> <beans:property name="userDetailsService"> <beans:ref bean="MyUserDetailsService"/> </beans:property> </beans:bean> <authentication-provider user-service-ref="userDetailsService"> <password-encoder hash="md5"/> </authentication-provider>

You may not need the role of a hierarchy.

You have a jsp page login form. The form should start like this:

 <form:form modelAttribute="login">

You must also match the corresponding fields.

 <form:input path="login"> <form:password path="password">

in your context-security.xml application, specify the login page:

 <form-login login-page="/login.jsp" default-target-url="/login.html" always-use-default-target="true" authentication-failure-url="/login.jsp?login_error=1"/>

login.html must be mapped to your LoginController.java, which extends BaseController and implements a login method that takes at least HttpServletRequest and Model as parameters. Then mine works by calling the following Spring class / methods:

 String userlogin = SecurityContextHolder.getContext().getAuthentication().getName();

If your CustomAuthenticationProvider is implemented correctly, you can (hopefully) get user details from your model and finally

 return "redirect:homepage.html";

Maybe I missed something, if you still have problems, let me know in the comment.

+1
source share

More articles:


All Articles