user1096311

Why is my custom authentication not working in Spring Security 3?

I'm having an issue with Spring Security 3 while trying to implement my own custom authentication. Following the steps on this page, I wrote this class:

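package org.jhonnytunes.security;

import java.util.LinkedList;

import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

// User and UserService are the application's own classes (their imports are not shown in the post).
public class CustomAuth implements AuthenticationManager {

    @Override
    public Authentication authenticate(Authentication auth)
            throws AuthenticationException {

        UserService service = new UserService();

        // Look the user up by name and the SHA-256 digest of the submitted password.
        User user = service.login((String) auth.getPrincipal(), new String(
                DigestUtils.sha256((String) auth.getCredentials())));

        LinkedList<GrantedAuthority> authorities = new LinkedList<>();

        if (user != null) {
            authorities.add(new SimpleGrantedAuthority(user.getRole()));

            return new UsernamePasswordAuthenticationToken(user.getUsername(),
                    user.getPassword(), authorities);
        }

        // Reached when the login lookup found no user.
        return null;
    }

}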

And this is my spring-security.xml

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <security:http pattern="/resources/**" security="none" />

    <security:http auto-config="true">

        <security:intercept-url pattern="/user/**"
            access="ROLE_USER" />
        <security:intercept-url pattern="/admin/**"
            access="ROLE_ADMIN,ROLE_USER" />

        <security:form-login login-page="/login"
            authentication-failure-url="/login?error=true" />

        <security:logout invalidate-session="true" />

        <security:session-management>
            <security:concurrency-control
                max-sessions="1" />
        </security:session-management>

    </security:http>

    <security:authentication-manager>
        <security:authentication-provider ref="myAuthProvider" />
    </security:authentication-manager>

    <bean id="myAuthProvider" class="org.jhonnytunes.security.CustomAuth">
    </bean>

</beans>

And Tomcat 7 is logging this while the app is not displayed in the browser.

I'm using:

  1. Eclipse Kepler
  2. Ubuntu 13.04
  3. JDK 1.7
  4. Tomcat7
  5. Eclipse STS plugin

What could this be?

Upvotes: 0

Views: 2960

Answers (2)

melbanhawi

Reputation: 1

implements 'AuthenticationProvider' instead of 'AuthenticationManager'

'throw new BadCredentialsException(String)' instead of 'return null'

Upvotes: 0

axtavt

Reputation: 242686

CustomAuth should implement AuthenticationProvider, not AuthenticationManager.

Upvotes: 3
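
The two answers applied to the question's class, as an added example that is not part of either answer or of the asker's project. It assumes the question's own `UserService` and `User` classes live in the same package and behave as the question implies; it also adds the `supports` method that `AuthenticationProvider` requires, which the `<security:authentication-provider ref="myAuthProvider" />` element relies on to route form-login tokens to this bean.

```java
package org.jhonnytunes.security;

import java.util.Collections;
import java.util.List;

import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

public class CustomAuth implements AuthenticationProvider {

    // Assumption: UserService and User are the question's classes, in this package.
    private final UserService service = new UserService();

    @Override
    public Authentication authenticate(Authentication auth) throws AuthenticationException {
        Object credentials = auth.getCredentials();
        if (credentials == null) {
            throw new BadCredentialsException("Bad credentials");
        }

        // Hashing kept exactly as in the question so UserService.login receives the same value.
        // Note: new String(byte[]) on a raw digest depends on the platform charset.
        String hashed = new String(DigestUtils.sha256(credentials.toString()));
        User user = service.login(auth.getName(), hashed);

        // Signal failure with an exception, never with null, so the framework
        // redirects to authentication-failure-url. Same message for every failure.
        if (user == null) {
            throw new BadCredentialsException("Bad credentials");
        }

        List<GrantedAuthority> authorities = Collections.<GrantedAuthority>singletonList(
                new SimpleGrantedAuthority(user.getRole()));
        // The three-argument constructor marks the token as authenticated.
        // Credentials are passed as null so the stored hash is not kept in the session.
        return new UsernamePasswordAuthenticationToken(user.getUsername(), null, authorities);
    }

    @Override
    public boolean supports(Class<?> authentication) {
        // Only handle the username/password tokens produced by form login.
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```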
