CODEWITHSUNDEEP
spring-security
damd
damd

Reputation: 6997

Spring Security 3 configuration in XML

I've tried to configure Spring Security through XML for some time now, but I can't seem to get it to work. Here is what I have so far:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/mvc
                           http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
                           http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/context/spring-context-3.0.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    [...]

    <security:http auto-config="true">
        <security:intercept-url pattern="/**" access="ROLE_USER" />
        <security:http-basic />
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider>
            [???] <!-- What goes here? -->
        </security:authentication-provider>
    </security:authentication-manager>

</beans>

All the tutorials that I've found seem to want me to put <user-service> in the placeholder, but NetBeans won't auto-complete to that element. The only thing resembling that element is any-user-service which, as far as I understand, is an "abstract" element.

I just want to configure an in-memory list of users and passwords. How do I do that in Spring Security version 3?

Upvotes: 3

Views: 12018

Answers (2)

Wilhelm Kleu
Wilhelm Kleu

Reputation: 11077

Write your own org.springframework.security.authentication.AuthenticationProvider, create the bean and provide a reference to your authentication manager:

<authentication-manager>
    <authentication-provider ref="com.example.CustomAuthenticationProvider"/>
</authentication-manager>

Alternatively you can just supply usernames and passwords with their relevant authorities (I use this when mocking)

<authentication-manager>
    <authentication-provider>
        <user-service>
          <user name="test" password="test" authorities="ROLE_AUTHENTICATED" />
        </user-service>
    </authentication-provider>
</authentication-manager>

Upvotes: 1

NimChimpsky
NimChimpsky

Reputation: 47300

<security:authentication-manager>
   <security:authentication-provider user-service-ref="userService">
</security:authentication-provider>

<bean id="userService" class="path.to.your.implementation.of.UserDetailsService" />

or you can have a basic in memory authentication (instead of, as well as) :

<security:authentication-manager>
  <security:authentication-provider user-service-ref="userService">
  </security:authentication-provider>
  <security:authentication-provider user-service-ref="customAdmin">         
  </security:authentication-provider>
</security:authentication-manager>

<security:user-service id="customAdmin">
 <security:user name="yourUserName" password="yourPassword" authorities="ROLE_USER, ROLE_ADMIN" />
 <security:user name="yourOtherUserName" password="yourOtherPassword" authorities="ROLE_USER, ROLE_ADMIN" />
</security:user-service>

The offical spring docs are always the best place to read, imho.

Upvotes: 2

Related Questions