TechQA.

Spring Security 4 xml configuration UserDetailsService authentication not working

2.6k views Asked by At

I know that this question was asked many times but any answer solved my problem. I am trying to implement a custom login form using Spring Security 4 + Hibernate + Spring Data Jpa, but things don't work as I expect.

When I use in-memory credentials all work fine but I want to use my database instead.

Below the main code :

Xml security config.

    <beans:bean id="encodeurMotDePasse" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
        <beans:constructor-arg name="strength" value="12" />
    </beans:bean>

    <security:http auto-config="true" create-session="never">
        <security:intercept-url pattern="/" access="permitAll" />
        <security:intercept-url pattern="/inscription**" access="hasRole('ADMIN') or hasRole('USER')" />
        <security:intercept-url pattern="/connexion**" access="hasRole('USER') or hasRole('USER')" />
        <security:intercept-url pattern="/test**" access="hasRole('ADMIN')" />
        <security:intercept-url pattern="/dba**" access="hasRole('ADMIN')" />
        <security:form-login login-page="/login.html"
                             username-parameter="identifiant" 
                             password-parameter="motDePasse"
                             authentication-failure-url="/login.html?error=t"/>

    </security:http>

    <beans:bean id="customUserDetailsService" class="com.app.security.CustomUserDetailsService"/>
     <security:authentication-manager >
        <security:authentication-provider user-service-ref ="customUserDetailsService">
             <security:password-encoder ref="encodeurMotDePasse" />
        </security:authentication-provider> 
    </security:authentication-manager>

The UserDetailsService implementation : 

@Service
public class CustomUserDetailsService implements UserDetailsService {

    @Autowired
    private ServicesDAO service;

    @Override
    public UserDetails loadUserByUsername( String username ) throws UsernameNotFoundException {

    T_authentification userPrincipals = service.getAuthenticatePrincipal( username );

    if ( userPrincipals == null ) {
        System.out.println( "user inexistant" );
        throw new UsernameNotFoundException( "L'utilisateur n'a pas été trouvé" );
    } else {
        System.out.println( "user trouvé" );
    }

    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

    for ( T_roles role : userPrincipals.getRoles() ) {
        System.out.println( " role dans userdetails service est :" + role.getRoleName() );
        authorities.add( new SimpleGrantedAuthority( role.getRoleName() ) );
    }

    // return new CustomUserDetails( userPrincipals );
    return new org.springframework.security.core.userdetails.User( userPrincipals.getUsername(), userPrincipals.getMotDePasse(), authorities );
 }
}

When I test the code in a controller method all credentials are well loaded from the database and I can print them on the console.

The other concern is when the login fails, Spring Security doesn't send any debug message in the console to tell the cause of this failure.

EDIT

Here my log4j.xml, I follow the configuration but any message appears in the console and the file are also empty.

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE log4j:configuration PUBLIC  "-//APACHE//DTD LOG4J 1.2//EN"    "http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/xml/doc-files/log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="true">

    <appender name="Appender1" class="org.apache.log4j.ConsoleAppender">
        <param name="Threshold" value="debug" />
       <layout class="org.apache.log4j.PatternLayout">
          <param name="ConversionPattern" value="%-7p %d [%t] %c %x - %m%n"/>
       </layout>
    </appender>

  <appender name="SpringAppender" class="org.apache.log4j.FileAppender"> 
        <param name="file" value="C:/Log4j/Spring-details.log" /> 
        <param name="Threshold" value="debug" />
        <param name="append" value="true" /> 
        <layout class="org.apache.log4j.PatternLayout">
            <param name="ConversionPattern"
                value="%d{MM/dd/yyyy HH:mm:ss}  [%t]:%c{5}.%M()%L %m%n" />
        </layout>
    </appender>

    <appender name="Appender2" class="org.apache.log4j.FileAppender">
       <param name="File" value="C:/Log4j/app.log" />
       <layout class="org.apache.log4j.PatternLayout">
          <param name="ConversionPattern" value="%-7p %d [%t] %c %x - %m%n"/>
       </layout>
    </appender>

     <category name="org.springframework">
        <priority value="ALL" />
    </category>


    <category name="org.springframework">
        <priority value="debug" />
    </category>

    <category name="org.springframework.beans">
        <priority value="debug" />
    </category>

    <category name="org.springframework.security">
        <priority value="debug" />
    </category>

    <category
        name="org.springframework.beans.CachedIntrospectionResults">
        <priority value="debug" />
    </category>

    <category name="org.springframework.jdbc.core">
        <priority value="debug" />
    </category>

    <category name="org.springframework.transaction.support.TransactionSynchronizationManager">
        <priority value="debug" />
    </category>

    <logger name="org.springframework" additivity="false">
        <level value="DEBUG"/>
        <appender-ref ref="SpringAppender"/>
    </logger>

    <root>
     <!--         <priority value="INFO"/> -->
        <level value="DEBUG"/>
        <appender-ref ref="Appender1" />
        <appender-ref ref="SpringAppender" />
        <appender-ref ref="Appender2" />
    </root>
</log4j:configuration>

EDIT2

I got this exception when I try to @Autowire this bean <beans:bean id="customUserDetailsService" class="com.app.security.CustomUserDetailsService"/> in a java class.

Why this error occured?

ERROR javax.enterprise.web.core - ContainerBase.addChild: start: org.apache.catalina.LifecycleException: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'inscriptionController': Unsatisfied dependency expressed through field 'customUserDetailsService'; nested exception is org.springframework.beans.factory.BeanNotOfRequiredTypeException: Bean named 'customUserDetailsService' is expected to be of type 'com.app.security.CustomUserDetailsService' but was actually of type 'com.sun.proxy.$Proxy323' at org.apache.catalina.core.StandardContext.start(StandardContext.java:5985)

Many thanks for your clarifications and sorry for my bad English.

spring-mvc authentication spring-security xml-configuration
Original Q&A
1

There are 1 answers

0
akuma8 On BEST ANSWER

I found the reason of this strange behavior.

I suppose that the spring security listener org.springframework.security.web.session.HttpSessionEventPublisherdoesn't share the same context as the servlet dispatcher. So, all beans defined in the mvc context are inaccessible for the security part.

To solve this, I had to add the <context:component-scan base-package=.... in the root context as all beans defined here are accessible everywhere.

I lost 2 weeks to find the reason of my problem :( !

Related Questions in SPRING-MVC

Related Questions in AUTHENTICATION

Related Questions in SPRING-SECURITY

Related Questions in XML-CONFIGURATION

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions