Menu
I have some issues with Spring security authentication. Everywhere in my application everything works great (CRUD operations work well), but login attempt fails.
Here's my code (I marked below with comments where userDAO is null which is cause of failed authentication):
@Service
public class UserServiceImpl implements UserService, UserDetailsService {
@Autowired
UserDAO userDAO;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userDAO.getUserByUsername(username); //userDAO == null Causing NPE
if (user == null)
throw new UsernameNotFoundException("Oops!");
List<SimpleGrantedAuthority> authorities = Arrays.asList(new SimpleGrantedAuthority(user.getRole()));
return new org.springframework.security.core.userdetails
.User(user.getLogin(), user.getPassword(), authorities);
}
@Override
public List<User> getUsers() {
return userDAO.getUsers();//userDAO !=null
}
//rest of code skipped
My SecurityConfig looks like this
@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
UserServiceImpl userService = new UserServiceImpl();
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService);
}
//rest of code skipped
I marked where i get NPE and i have no idea how to solve this. Whole Configuration is JavaBased and you can check it out out here for more details HERE
EDIT: getUsers() is invoked this way in controller:
@Controller
public class LoginController {
@Autowired
UserService userService;
@RequestMapping(value = "/dashboard")
public ModelAndView userDashboard(){
ModelAndView modelAndView = new ModelAndView("Dashboard");
List<User> userList = userService.getUsers();
modelAndView.addObject("users", userList);
return modelAndView;
}
And in this case (when invoking userService.getUsers()) userDAO is not null
Tried to fix it like Bohuslav Burghardt suggested and i got
method userDetailsService in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder cannot be applied to given types;
required: T
found: com.gi.service.UserService
reason: inferred type does not conform to upper bound(s)
inferred: com.gi.service.UserService
upper bound(s): org.springframework.security.core.userdetails.UserDetailsService
in line auth.userDetailsService(userService);
708
The UserDetailsService is a core interface in Spring Security framework, which is used to retrieve the user’s authentication and authorization information. This interface has only one method named loadUserByUsername () which we can implement to feed the customer information to the Spring security API.
As configured, Spring Security provides a filter that intercepts that request and authenticates the user. If the user fails to authenticate, the page is redirected to "/login?error" and our page displays the appropriate error message.
Spring Security Configuration The WebSecurityConfig class is annotated with @EnableWebSecurity to enable Spring Security’s web security support and provide the Spring MVC integration. WebSecurityConfig also extends WebSecurityConfigurerAdapter and overrides a couple of its methods to set some specifics of the web security configuration.
With the help of this custom UserDetailsService implementation, we are able to use custom table structure for our Spring Security authentication using JDBC. In our example, we are using a JDBC property file to get credentials. We create DataSource bean in Java configuration file.
This is the part that is incorrect:
UserServiceImpl userService = new UserServiceImpl();
When you instantiate the service yourself, its autowired dependencies will always be null. You must let the Spring container instantiate it (already done by marking the service with @Service) and then inject it in your security configuration class like this:
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userService;
}
Problem solved with this piece of code from Bohuslav
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userService;
}
Also missing
@ComponentScan("com.gi")
before
public class SecurityConfig extends WebSecurityConfigurerAdapter {
lack of which caused
Error:(24, 13) java: method userDetailsService in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder cannot be applied to given types; required: T found: com.gi.service.UserService reason: inferred type does not conform to upper bound(s) inferred: com.gi.service.UserService upper bound(s): org.springframework.security.core.userdetails.UserDetailsService
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With