Reputation: 161
I had Spring Security 2.0.5 on my webApp, using a default Provider. Now requirements have changed and I need a CustomAuthenticationProvider in order to change Authentication way.
This is my AuthenticationProvider
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Autowired
private ParamsProperties paramsProperties;
@SuppressWarnings("unchecked")
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
//Check username and passwd
String user = (String) authentication.getPrincipal();
String pass = (String) authentication.getCredentials();
if(StringUtils.isBlank(user) || StringUtils.isBlank(pass) ){
throw new BadCredentialsException("Incorrect username/password");
}
//Create SSO
SingleSignOnService service = new SingleSignOnService(paramsProperties.getServicesServer());
try {
//Check logged
service.setUsername(authentication.getName());
service.setPassword(authentication.getCredentials().toString());
ClientResponse response = service.call();
String result = response.getEntity(String.class);
ObjectMapper mapper = new ObjectMapper();
Map<String,Object> map = mapper.readValue(result, new TypeReference<Map<String,Object>>() {} );
//Read code
String code = (String)map.get("code");
log.debug(" ** [Authenticate] Result: " + code );
for (String s : (List<String>)map.get( "messages" ) ) {
log.debug(" [Authenticate] Message: " + s );
}
if ( code.equals( "SESSION_CREATED" ) || code.equals( "SESSION_UPDATED" ) || code.equals( "SESSION_VERIFIED" ) ) {
UsernamePasswordAuthenticationToken tokenSSO = LoginHelper.getuserSringTokenFromAuthService(map);
return tokenSSO;
} else {
return null;
}
} catch (Exception e) {
e.printStackTrace();
throw new AuthenticationServiceException( e.getMessage() );
}
}
public boolean supports(Class authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
And this is my security.xml
<http>
<form-login default-target-url ="/Login.html" always-use-default-target="true" login-page="/Login.html" login-processing-url="/j_spring_security_check"
authentication-failure-url="/Login.html" />
<http-basic />
<logout logout-success-url="/Login.html" />
</http>
<beans:bean id="myPasswordEncryptor"
class="com.mycomp.comunes.server.spring.core.MyPasswordEncoder" lazy-init="true">
<beans:constructor-arg>
<beans:bean class="org.jasypt.util.password.ConfigurablePasswordEncryptor" />
</beans:constructor-arg>
<beans:constructor-arg ref="paramsProperties" />
</beans:bean>
<beans:bean id="passwordEncoder"
class="org.jasypt.spring.security2.PasswordEncoder" lazy-init="true">
<beans:property name="passwordEncryptor">
<beans:ref bean="myPasswordEncryptor" />
</beans:property>
</beans:bean>
<beans:bean id="authenticationProvider"
class="com.mycomp.comunes.server.spring.manager.autenticacion.CustomAuthenticationProvider">
</beans:bean>
<authentication-provider user-service-ref='authenticationProvider'>
<password-encoder ref="passwordEncoder" />
</authentication-provider>
But when deploying, I get the following:
Caused by: java.lang.IllegalArgumentException: Cannot convert value of type [$Proxy112 implementing org.springframework.security.providers.AuthenticationProvider,org.springframework.aop.SpringProxy,org.springframework.aop.framework.Advised] to required type [org.springframework.security.userdetails.UserDetailsService] for property 'userDetailsService': no matching editors or conversion strategy found
Can anyone help?
Upvotes: 0
Views: 3727
Reputation: 17528
You refer to the authenticationProvider
bean as a user service, which it is not.
<authentication-provider user-service-ref='authenticationProvider'>
With this old version of the framework, I can only guess that the way to use a custom auth provider is correctly described here.
Needless to say that it would be highly recommended to upgrade, if for nothing else, then just in order to get support easier.
Upvotes: 1