TechQA.

DigestAuthenticationFilter with database users, possible?

734 views Asked by At

My Spring-Security implementation for http-digest: Code:

<bean id="digestFilter" class="org.springframework.security.web.authentication.www.DigestAuthenticationFilter">
      <property name="userDetailsService" ref="userService"/>
      <property name="authenticationEntryPoint" ref="digestEntryPoint"/>
    </bean>

========================================================================

<security:authentication-manager alias="authenticationManager">
      <security:authentication-provider ref="inMemoryAuthenticationProvider"/>
   </security:authentication-manager>

========================================================================


<bean id="inMemoryAuthenticationProvider"
         class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
      <property name="hideUserNotFoundExceptions" value="false"/>
     <property name="userDetailsService" ref="inMemoryUserService"/> 
      <property name="messageSource" ref="messageSource"/>
   </bean>

========================================================================


<security:user-service id="inMemoryUserService">
        <security:user name="user" password="user" authorities="ROLE_USER"/>                
        <security:user name="admin" password="admin" authorities="ROLE_ADMIN"/>
        <security:user name="invitado" password="invitado" authorities="ROLE_INVITADO"/>
    </security:user-service>

I'm trying to customize it to obtain user data from a database. I tried to access from the Interface class UserDetailsService. Code:

public class CustomUserDetailsService implements UserDetailsService {

    @Override
    public UserDetails loadUserByUsername(String arg0)
            throws UsernameNotFoundException {

        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));

        return new User(
                "pepe", 
                "psw",
                true,
                true,
                true,
                true,
                authorities);
    }

}

This does not work because the label when implementing security: user-service, no class attributes.

Any ideas?, How to access a database of users?

spring spring-security http-digest
Original Q&A
1

There are 1 answers

0
baraber On BEST ANSWER

The <user-service> tag is used to define users explicitly in the spring configuration file. It does not allow to specify your own UserDetailsService implementation.

To use your CustomUserDetailsService, all you have to do is to remove the <user-service> tag and replace it by your custom UserDetailsService like this : 

<bean id="inMemoryUserService" class="you.package.CustomUserDetailsService"/>

And then you should be able to log in with pepe:psw .

Related Questions in SPRING

Related Questions in SPRING-SECURITY

Related Questions in HTTP-DIGEST

Popular Questions

Trending Questions