 

How to configure Spring-Security to access user details in database?

I am puzzled with SpringSecurity. There are many ways to implement a simple thing and I mixed them all up.

My code is as follows, but it throws an exception. If I remove the UserDetailsService-related code, the application runs and I can log in with in-memory users. As suggested below, I converted the configuration to XML, but users cannot sign in.

org.springframework.beans.factory.BeanCreationException: Error creating bean 
with name 'securityConfig': Injection of autowired dependencies failed; nested 
exception is org.springframework.beans.factory.BeanCreationException: Could 
not autowire field:  
org.springframework.security.core.userdetails.UserDetailsService 
com.myproj.config.SecurityConfig.userDetailsService; nested exception is 
org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying 
bean of type    
[org.springframework.security.core.userdetails.UserDetailsService] found for 
dependency: expected at least 1 bean which qualifies as autowire candidate for 
this dependency. Dependency annotations: 
{@org.springframework.beans.factory.annotation.Autowired(required=true),  
@org.springframework.beans.factory.annotation.Qualifier(value=userDetailsService)}

Caused by: org.springframework.beans.factory.BeanCreationException: Could not 
autowire field 

org.springframework.security.core.userdetails.UserDetailsService 
com.myproj.config.SecurityConfig.userDetailsService; nested exception is 
org.springframework.beans.factory.NoSuchBeanDefinitionException: 
No qualifying bean of type 
[org.springframework.security.core.userdetails.UserDetailsService] 
found for dependency: expected at least 1 bean which qualifies as autowire 
candidate for this dependency. Dependency annotations: 
{@org.springframework.beans.factory.annotation.Autowired(required=true), 
@org.springframework.beans.factory.annotation.Qualifier(value=userDetailsService)}

Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: 
No qualifying bean of type 
[org.springframework.security.core.userdetails.UserDetailsService] found for 
dependency: expected at least 1 bean which qualifies as autowire candidate for 
this dependency. Dependency annotations: 
{@org.springframework.beans.factory.annotation.Autowired(required=true), 
@org.springframework.beans.factory.annotation.Qualifier(value=userDetailsService)}

Web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Servlet 3.0 deployment descriptor: one Tiles listener and one Spring DispatcherServlet. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
          http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
    <listener>
        <listener-class>org.apache.tiles.extras.complete.CompleteAutoloadTilesListener</listener-class>
    </listener>

    <!-- NOTE(review): the Java initializer shown on this page also maps a dispatcher servlet
         to "/"; confirm that only one of the two registrations is intended. -->
    <servlet>
        <servlet-name>proj</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
      <servlet-name>proj</servlet-name>
      <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- This descriptor declares neither a springSecurityFilterChain filter nor a
         ContextLoaderListener. Requests are only protected if the filter chain is registered
         elsewhere (for example by an AbstractSecurityWebApplicationInitializer subclass), and an
         XML security configuration is only loaded if something points the context at it. -->



</web-app>

MvcWebApplicationInitializer

import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;


/**
 * Servlet 3.0 bootstrap class that sets up the Spring dispatcher servlet from Java code.
 *
 * <p>Only {@code SecurityConfig} is handed to the root context, so any other bean (for
 * example a {@code @Service}) is found only if a registered configuration class
 * component-scans the package that declares it.
 */
public class MvcWebApplicationInitializer
        extends AbstractAnnotationConfigDispatcherServletInitializer {

    /** Configuration classes that make up the root application context. */
    @Override
    protected Class<?>[] getRootConfigClasses() {
        Class<?>[] rootConfig = { SecurityConfig.class };
        return rootConfig;
    }

    /** No servlet-specific configuration classes are supplied. */
    @Override
    protected Class<?>[] getServletConfigClasses() {
        return null;
    }

    /** The dispatcher servlet handles every path under the application root. */
    @Override
    protected String[] getServletMappings() {
        String[] mappings = { "/" };
        return mappings;
    }
}

SecurityWebApplicationInitializer

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

/**
 * Registers the Spring Security filter chain with the servlet container.
 * Nothing is overridden; the behaviour of the base class is used unchanged.
 */
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}

SecurityConfig

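/**
 * Spring Security configuration for the web application.
 *
 * <p>Authentication is delegated to the bean named {@code userDetailsService}, with BCrypt
 * password matching. That bean has to be visible to this context (for example through
 * component scanning of the package that declares it); otherwise the injection below fails
 * at startup with {@code NoSuchBeanDefinitionException}.
 */
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("userDetailsService")
    UserDetailsService userDetailsService;

    /**
     * Wires the injected {@link UserDetailsService} and the password encoder into the
     * authentication manager.
     *
     * @param auth builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * Declares the URL access rules, the form login page and the logout URL.
     *
     * @param http security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Public pages and static resources.
                .antMatchers("/resources/**", "/", "/index", "/aboutus").permitAll()
                // hasRole("USER") matches the granted authority "ROLE_USER".
                .antMatchers("/profile/**").hasRole("USER")
                // Catch-all: without it, any URL not listed above is served without
                // authentication, which makes the permitAll() list meaningless.
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/signin")
                .failureUrl("/signin?error")
                .permitAll()
                .and()
            .logout()
                .logoutUrl("/signout")
                .permitAll();
    }

    /**
     * Encoder used both to verify passwords at login and, by callers that need it, to hash
     * new passwords before they are stored.
     *
     * @return a BCrypt password encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Exposes the {@link AuthenticationManager} built by this configuration as a bean.
     *
     * @return the authentication manager
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

}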

MemberServiceImpl

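/**
 * {@link UserDetailsService} backed by {@code MemberRepository}; registered under the bean
 * name {@code userDetailsService} so it can be injected by qualifier.
 */
@Service("userDetailsService")
public class MemberServiceImpl implements UserDetailsService {

    @Autowired
    MemberRepository memberRepository;

    /** Wraps a single role name in the authority list Spring Security expects. */
    private List<GrantedAuthority> buildUserAuthority(String role) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority(role));
        return authorities;
    }

    /**
     * Maps a {@code Member} to a Spring Security {@code User}. The e-mail address is used as
     * the principal name; the account is never treated as expired or locked, only
     * {@code member.isEnabled()} is honoured.
     */
    private User buildUserForAuthentication(Member member,
            List<GrantedAuthority> authorities) {
        return new User(member.getEmail(), member.getPassword(),
                member.isEnabled(), true, true, true, authorities);
    }

    /**
     * Looks up the member for a login attempt.
     *
     * @param username the name typed into the login form
     * @return the user details used for password verification and authorization
     * @throws UsernameNotFoundException if no member exists for {@code username}
     */
    @Override
    @Transactional(readOnly = true)
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException {
        Member member = memberRepository.findByUserName(username);
        // Presumably the repository returns null for an unknown name (verify); fail with the
        // exception the contract requires instead of a NullPointerException further down.
        if (member == null) {
            throw new UsernameNotFoundException("No member found for the supplied username");
        }
        // The access rule hasRole("USER") is matched against the authority "ROLE_USER"; the
        // previous literal "Role" could never satisfy it. If members carry individual roles,
        // load them from the data store instead of granting one fixed authority.
        List<GrantedAuthority> authorities = buildUserAuthority("ROLE_USER");
        return buildUserForAuthentication(member, authorities);
    }

}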

Update 1

Even after adding following annotation, and authenticationManagerBean method from SecurityConfig the same exception is being thrown.

    @EnableGlobalMethodSecurity(prePostEnabled = true)

Update 2

As suggested in one of the answers, I converted it to XML-based configuration. The current code is as follows; however, when I submit the login form, nothing happens.

Spring-Security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <!-- NOTE(review): the schema locations name the 3.0 schemas, while the Java configuration
         on this page uses @EnableWebMvcSecurity, which is not a 3.0 API. Confirm that the
         schema version matches the Spring Security version on the classpath. -->


    <beans:import resource='login-service.xml' />
    <!-- Only "/" has an access rule. No other intercept-url is declared, so this block does
         not require authentication for any URL as written. -->
    <http auto-config="true" access-denied-page="/notFound.jsp"
        use-expressions="true">
        <intercept-url pattern="/" access="permitAll" />


        <form-login login-page="/signin" authentication-failure-url="/signin?error=1"
            default-target-url="/index" />
        <!-- remember-me issues a long-lived login cookie; confirm that it is wanted. -->
        <remember-me />
        <logout logout-success-url="/index.jsp" />
    </http>
    <!-- No password-encoder element is configured for this provider. NOTE(review): Spring
         Security 3.x then, as far as I know, compares the stored value as plain text, so
         BCrypt hashes written through the Java configuration would never match. Reference
         a BCrypt encoder here so that only hashes are stored. Also, the authorities query
         below selects a single column, whereas the JDBC user service reads the authority
         from a second column (username, authority). -->
    <authentication-manager>
        <authentication-provider>
            <!-- <user-service> <user name="admin" password="secret" authorities="ROLE_ADMIN"/> 
                <user name="user" password="secret" authorities="ROLE_USER"/> </user-service> -->
            <jdbc-user-service data-source-ref="dataSource"

                users-by-username-query="
              select username,password,enabled 
              from Member where username=?"

                authorities-by-username-query="
                      select username 
                      from Member where username = ?" />
        </authentication-provider>
    </authentication-manager>
</beans:beans>

login-service.xml

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

   <!-- JDBC data source used by the security configuration for user lookups.
        The application connects as the MySQL "root" account with an empty password. Use a
        dedicated account limited to the privileges the application needs, give it a
        password, and supply the credentials from outside the source tree (for example a
        property placeholder). DriverManagerDataSource does not pool connections, so it is
        better suited to tests than to production use. -->
   <bean id="dataSource"
    class="org.springframework.jdbc.datasource.DriverManagerDataSource">

    <property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <property name="url" value="jdbc:mysql://localhost/testProject" />
    <property name="username" value="root" />
    <property name="password" value="" />
   </bean>

</beans>
Daniel Newtown Avatar asked Aug 12 '15 12:08

Daniel Newtown


People also ask

What is user details service in Spring Security?

UserDetailsService is used by DaoAuthenticationProvider for retrieving a username, password, and other attributes for authenticating with a username and password. Spring Security provides in-memory and JDBC implementations of UserDetailsService .

What are the possible mechanism is provided by Spring Security to store user details?

The SecurityContext and SecurityContextHolder are two fundamental classes of Spring Security. The SecurityContext is used to store the details of the currently authenticated user, also known as a principal. So, if you have to get the username or any other user details, you need to get this SecurityContext first.


3 Answers

I think you forgot to add this annotation to the SecurityConfig class:

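/**
 * Spring Security configuration with method-level security switched on.
 *
 * <p>{@code prePostEnabled = true} activates {@code @PreAuthorize}/{@code @PostAuthorize}
 * checks. It does not by itself make the {@code userDetailsService} bean discoverable; that
 * bean still has to be registered or component-scanned into this context.
 */
@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("userDetailsService")
    UserDetailsService userDetailsService;

    /**
     * Registers the injected {@link UserDetailsService} together with the password encoder.
     *
     * @param auth builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * Declares the URL access rules, the form login page and the logout URL.
     *
     * @param http security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/resources/**", "/", "/index", "/aboutus").permitAll()
                // hasRole("USER") matches the granted authority "ROLE_USER".
                .antMatchers("/profile/**").hasRole("USER")
                // Catch-all so that URLs not listed above are not left open by default.
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/signin")
                .failureUrl("/signin?error")
                .permitAll()
                .and()
            .logout()
                .logoutUrl("/signout")
                .permitAll();
    }

    /**
     * @return the BCrypt encoder used to verify submitted passwords against stored hashes
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Exposes the {@link AuthenticationManager} built by this configuration as a bean.
     *
     * @return the authentication manager
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}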

One more thing: I think this bean is not needed:

 /**
  * Publishes the adapter's {@link AuthenticationManager} as a Spring bean. It is only
  * required when some other component injects an {@code AuthenticationManager}.
  */
 @Bean
 @Override
 public AuthenticationManager authenticationManagerBean() throws Exception {
     AuthenticationManager manager = super.authenticationManagerBean();
     return manager;
 }

Please try this hope this will work for you..

To get the current user:

/**
 * Returns the name of the principal held in the current security context.
 *
 * <p>NOTE(review): for an anonymous request the principal is typically a plain string
 * rather than a {@code UserDetails}, so a non-null result does not by itself prove that a
 * user has logged in; confirm how callers use the value.
 *
 * @return the principal's username, its {@code toString()} when it is not a
 *         {@code UserDetails}, or {@code null} when there is no authentication
 */
public String getUsername() {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth == null) {
        return null;
    }
    Object who = auth.getPrincipal();
    return (who instanceof UserDetails)
            ? ((UserDetails) who).getUsername()
            : who.toString();
}


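    /**
     * Resolves the application user for the current security context.
     *
     * <p>If {@code overridenCurrentUser} has been set, it is returned as is. Otherwise the
     * user is looked up by the name reported by {@link #getUsername()}.
     *
     * @return the current user, or {@code null} when nobody is authenticated or the
     *         repository has no matching record
     */
    public User getCurrentUser() {
        if (overridenCurrentUser != null) {
            return overridenCurrentUser;
        }
        String username = getUsername();
        if (username == null) {
            // No authentication in the context: nothing to look up.
            return null;
        }
        // The original returned only on the null path and fell off the end otherwise,
        // which does not compile; return the lookup result in both cases.
        return userRepository.findByUsername(username);
    }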

Thanks

Charnjeet Singh Avatar answered Sep 28 '22 18:09

Charnjeet Singh


I think the issue could be due to missing @ComponentScan annotation. When trying to autowire userDetailsService in SecurityConfig, it's not able to find a suitable bean to autowire with.

A spring application usually has a separate "application context", in addition to "mvc context", "security context" (which you already have via SecurityConfig), etc.

I'm not sure whether putting @ComponentScan on SecurityConfig itself will work or not, but you can give it a try:

@Configuration
@ComponentScan("your_base_package_name_here")
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
...
}

Replace "your_base_package_name_here" with the name of the package containing your @Component or @Service classes.

If this doesn't work, add a new, empty class with @ComponentScan annotation:

/**
 * Empty configuration class whose only purpose is to trigger component scanning of the
 * given base package. It has an effect only if the class itself is registered with the
 * application context, for example alongside {@code SecurityConfig} in the initializer's
 * root configuration classes.
 */
@Configuration
@ComponentScan("your_base_package_name_here")
public class AppConfig {
    // Intentionally empty.
}

Source: http://docs.spring.io/spring-javaconfig/docs/1.0.0.M4/reference/html/ch06s02.html

The Student Soul Avatar answered Sep 28 '22 17:09

The Student Soul


There are some errors in your code base; try to resolve them by following the code below.

Remove your SecurityConfig file and convert to XML-based configuration.

Your spring-security.xml should look like this.

   <!-- Only URLs matching /index* require ROLE_USER. There is no catch-all intercept-url,
        so every other URL is left unrestricted by this block. -->
   <security:http auto-config="true" >  
  <security:intercept-url pattern="/index*" access="ROLE_USER" />  
  <security:form-login login-page="/login" default-target-url="/index"  
   authentication-failure-url="/fail2login" />  
  <security:logout logout-success-url="/logout" />  
 </security:http>  

    <!-- Users and authorities are read over JDBC with parameterized queries. No
         password-encoder is declared for the provider. NOTE(review): with Spring Security 3.x
         defaults this means, as far as I know, that the password column is compared as
         plain text; configure a password encoder (for example BCrypt) so that only hashes
         are stored. -->
    <security:authentication-manager>  
   <security:authentication-provider>  
     <!-- <security:user-service>  
   <security:user name="samplename" password="sweety" authorities="ROLE_USER" />  
     </security:user-service> -->  
     <security:jdbc-user-service data-source-ref="dataSource"    
      users-by-username-query="select username, password, active from users where username=?"   
          authorities-by-username-query="select us.username, ur.authority from users us, user_roles ur   
        where us.user_id = ur.user_id and us.username =?  "   
  />  
   </security:authentication-provider>  
 </security:authentication-manager>  

web.xml should be looking like this:

 <!-- Dispatcher servlet for the MVC layer, mapped to the application root. -->
 <servlet>  
  <servlet-name>sdnext</servlet-name>  
  <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>  
        <load-on-startup>1</load-on-startup>  
 </servlet>  

 <servlet-mapping>  
  <servlet-name>sdnext</servlet-name>  
  <url-pattern>/</url-pattern>  
 </servlet-mapping>  
 <!-- Root application context. It loads the files matched by contextConfigLocation below;
      the security XML has to match that pattern, otherwise its beans are never created. -->
 <listener>  
  <listener-class>  
                  org.springframework.web.context.ContextLoaderListener  
        </listener-class>  
 </listener>  

 <context-param>  
  <param-name>contextConfigLocation</param-name>  
  <param-value>  
   /WEB-INF/sdnext-*.xml,  
  </param-value>  
 </context-param>  

 <welcome-file-list>  
  <welcome-file>index</welcome-file>  
 </welcome-file-list>  

 <!-- Spring Security: DelegatingFilterProxy looks up a bean with the same name as the
      filter, so the name must stay springSecurityFilterChain. The /* mapping sends every
      request through the chain; a narrower pattern would leave URLs unfiltered. -->
 <filter>  
  <filter-name>springSecurityFilterChain</filter-name>  
  <filter-class>  
                  org.springframework.web.filter.DelegatingFilterProxy  
                </filter-class>  
 </filter>  

 <filter-mapping>  
  <filter-name>springSecurityFilterChain</filter-name>  
  <url-pattern>/*</url-pattern>  
 </filter-mapping>  
MS Ibrahim Avatar answered Sep 28 '22 19:09

MS Ibrahim