user2087103
user2087103

Reputation: 161

Custom Authentication Provider on Spring Security 2 userDetailsService issue

I had Spring Security 2.0.5 on my webApp, using a default Provider. Now requirements have changed and I need a CustomAuthenticationProvider in order to change Authentication way.

This is my AuthenticationProvider

public class CustomAuthenticationProvider implements AuthenticationProvider {

@Autowired
private ParamsProperties paramsProperties;  

@SuppressWarnings("unchecked")
public Authentication authenticate(Authentication authentication) throws AuthenticationException {

    //Check username and passwd
    String user = (String) authentication.getPrincipal();
    String pass = (String) authentication.getCredentials();
    if(StringUtils.isBlank(user) || StringUtils.isBlank(pass) ){
        throw new BadCredentialsException("Incorrect username/password");
    }

    //Create SSO
    SingleSignOnService service = new SingleSignOnService(paramsProperties.getServicesServer());
    try {
        //Check logged
        service.setUsername(authentication.getName());
        service.setPassword(authentication.getCredentials().toString());
        ClientResponse response = service.call();
        String result = response.getEntity(String.class);

        ObjectMapper mapper = new ObjectMapper();
        Map<String,Object> map = mapper.readValue(result, new TypeReference<Map<String,Object>>() {} );
        //Read code
        String code = (String)map.get("code");
        log.debug(" ** [Authenticate] Result: " + code );
        for (String s : (List<String>)map.get( "messages" ) ) {
            log.debug(" [Authenticate] Message: " + s );
        }

        if ( code.equals( "SESSION_CREATED" ) || code.equals( "SESSION_UPDATED" ) || code.equals( "SESSION_VERIFIED" ) ) {              
            UsernamePasswordAuthenticationToken tokenSSO = LoginHelper.getuserSringTokenFromAuthService(map);            
            return tokenSSO;                
        } else {
            return null;
        }
    } catch (Exception e) {
        e.printStackTrace();
        throw new AuthenticationServiceException( e.getMessage() );
    }
}


public boolean supports(Class authentication) {
    return authentication.equals(UsernamePasswordAuthenticationToken.class);
}

And this is my security.xml

<http>
  <form-login default-target-url ="/Login.html" always-use-default-target="true" login-page="/Login.html" login-processing-url="/j_spring_security_check"
        authentication-failure-url="/Login.html" />  
  <http-basic />
  <logout logout-success-url="/Login.html" />
</http>

<beans:bean id="myPasswordEncryptor"
    class="com.mycomp.comunes.server.spring.core.MyPasswordEncoder" lazy-init="true">
    <beans:constructor-arg>
        <beans:bean class="org.jasypt.util.password.ConfigurablePasswordEncryptor" />
    </beans:constructor-arg>
    <beans:constructor-arg ref="paramsProperties" />
</beans:bean>

<beans:bean id="passwordEncoder"
    class="org.jasypt.spring.security2.PasswordEncoder" lazy-init="true">
    <beans:property name="passwordEncryptor">
        <beans:ref bean="myPasswordEncryptor" />
    </beans:property>
</beans:bean>

<beans:bean id="authenticationProvider"
    class="com.mycomp.comunes.server.spring.manager.autenticacion.CustomAuthenticationProvider">
</beans:bean> 

<authentication-provider user-service-ref='authenticationProvider'>
    <password-encoder ref="passwordEncoder" />
</authentication-provider>

But when deploying, I get the following:

Caused by: java.lang.IllegalArgumentException: Cannot convert value of type [$Proxy112 implementing org.springframework.security.providers.AuthenticationProvider,org.springframework.aop.SpringProxy,org.springframework.aop.framework.Advised] to required type [org.springframework.security.userdetails.UserDetailsService] for property 'userDetailsService': no matching editors or conversion strategy found

Can anyone help?

Upvotes: 0

Views: 3727

Answers (1)

zagyi
zagyi

Reputation: 17528

You refer to the authenticationProvider bean as a user service, which it is not.

<authentication-provider user-service-ref='authenticationProvider'>

With this old version of the framework, I can only guess that the way to use a custom auth provider is correctly described here.

Needless to say that it would be highly recommended to upgrade, if for nothing else, then just in order to get support easier.

Upvotes: 1

Related Questions