Spring Security cannot find custom UserDetailsService

Question

I'm trying to use spring security on app engine. I implemented my own userdetailsservice.

package com.example.mymodule.app2;

import com.example.mymodule.repoobject.MutiboUser;
import com.example.mymodule.repository.MutiboUserRepo;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

import java.util.Collection;
import java.util.List;


@Component
public class MutiboUserDetailsService implements UserDetailsService {

    private final MutiboUserRepo mutiboUserRepo;

    @Autowired
    public MutiboUserDetailsService(MutiboUserRepo mutiboUserRepo) {

        if (mutiboUserRepo == null) {
            throw new IllegalArgumentException("mutiboUserRepo cannot be null");
        }
        this.mutiboUserRepo = mutiboUserRepo;
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        MutiboUser mutiboUser = mutiboUserRepo.findByName(username);

        if (mutiboUser == null) {
            throw new UsernameNotFoundException("Invalid username/password.");
        }

        List<GrantedAuthority> authorityList = AuthorityUtils
                .createAuthorityList("ROLE_USER");

        return new User(mutiboUser.getEmail(), mutiboUser.getPassword(), authorityList);
    }
}

Here is my web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.5"
    xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring/services.xml
            /WEB-INF/spring/security.xml
        </param-value>
    </context-param>
    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>
    <!-- intercept all requests -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>


    <!-- Spring MVC DispatcherServelt -->
    <servlet>
        <servlet-name>dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextClass</param-name>
            <param-value>
                org.springframework.web.context.support.AnnotationConfigWebApplicationContext
            </param-value>
        </init-param>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                com.example.mymodule.app2.Application
            </param-value>
        </init-param>
    </servlet>

    <servlet-mapping>
        <servlet-name>dispatcher</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

    <!-- to mora it preko https (app engine)-->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>question</web-resource-name>
            <url-pattern>/question/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>


</web-app>

services.xml

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:jdbc="http://www.springframework.org/schema/jdbc"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">

    <context:component-scan base-package="com.example.mymodule">
        <context:exclude-filter type="regex" expression="com.example.mymodule.*"/>
    </context:component-scan>


</beans>

and security.xml

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:b="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <http auto-config="true">
        <intercept-url access="ROLE_USER" pattern="/*" />
    </http>
    <authentication-manager>
        <authentication-provider
            ref="mutiboUserDetailsService"/>
    </authentication-manager>
</b:beans>

But every time I tired to test my app I get this error.

'org.springframework.security.authentication.dao.DaoAuthenticationProvider#0': Cannot 
resolve reference to bean 'mutiboUserDetailsService' while setting bean property 
'userDetailsService'; nested exception is 
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 
'mutiboUserDetailsService' is defined. 

Can someone help me? Thanks.

Answer 1

Your problem has nothing to do with App Engine but with the fact that Spring container is not able to find the bean named mutiboUserDetailsService.

I would say that the root cause is your component scanning configuration.

<context:component-scan base-package="com.example.mymodule">
    <context:exclude-filter type="regex" expression="com.example.mymodule.*"/>
</context:component-scan>

The class MutiboUserDetailsService is define in package com.example.mymodule.app2, however, this package is excluded (see exclude-filter) from component scanning and hence Spring will not register the corresponding bean.

Furthermore, there is also problem with your authentication manager configuration. Follow the excerpt below.

<authentication-manager>
    <authentication-provider user-service-ref='mutiboUserDetailsService'/>
</authentication-manager>