Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Security Java Config - custom AuthenticationProvider and UserDetailsService

Tags:

spring-security

spring-java-config

I use java configuration to configure Spring Security, and I have customized AuthenticationProvider and customized UserDetailsService, to add extra login field following http://forum.spring.io/forum/spring-projects/security/95715-extra-login-fields

I have difficulty to add both of the customized Classes into Spring Security framework by using java configuration. As java doc of AuthenticationProvider#authenticationProvider describes:

Add authentication based upon the custom AuthenticationProvider that is passed in. Since the AuthenticationProvider implementation is unknown, all customizations must be done externally and the AuthenticationManagerBuilder is returned immediately.

This method does NOT ensure that the UserDetailsService is available for the getDefaultUserDetailsService() method.

So my question is what is the approach to set UserDetailsService in this case?

like image 994
wgui Avatar asked Aug 13 '14 00:08

wgui

People also ask

What is difference between AuthenticationManager and AuthenticationProvider?

The Authentication Manager is only a interface and actual implementation of the authenticate method is provided by the ProviderManager. The ProviderManager has a list of AuthenticationProviders. From it's authenticate method it calls the authenticate method of the appropriate AuthenticateProvider.

What is UserDetailsService in Spring Security?

The UserDetailsService interface is used to retrieve user-related data. It has one method named loadUserByUsername() which can be overridden to customize the process of finding the user. It is used by the DaoAuthenticationProvider to load details about the user during authentication.

What is AuthenticationProvider in Spring Security?

The Authentication Provider Spring Security provides a variety of options for performing authentication. These options follow a simple contract; an Authentication request is processed by an AuthenticationProvider, and a fully authenticated object with full credentials is returned.

How do I configure AuthenticationManagerBuilder?

Step 1: Add the security jar or dependency in your application. Step 2: Create a security config class and extend the WebSecurityConfigurerAdapter class. Step 3: Add the annotation @EnableWebSecurity on top of the class. Step 4: For authentication, override the method configure(AuthenticationManagerBuilder auth) .

1 Answers

Here is an example of customized AuthenticationProvider and customized UserDetailsService: 

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(customAuthenticationProvider());
    }

    @Bean
    AuthenticationProvider customAuthenticationProvider() {
        CustomAuthenticationProvider impl = new CustomAuthenticationProvider();
        impl.setUserDetailsService(customUserDetailsService());
        /* other properties etc */
        return impl ;
    }

    @Bean   
    UserDetailsService customUserDetailsService() {
        /* custom UserDetailsService code here */
    }
}
like image 163
Ritesh Avatar answered Oct 16 '22 14:10

Ritesh
Sign in to Comment

Related questions

Maximum concurrent users in Spring Security
Spring Security Single Sign On in Windows Environment
spring security - access-denied-handler
How to implement token verification via token introspection endpoint in Spring Boot?
Spring boot Basic Authentication and OAuth2 in same project?
Spring boot 1.5.9, 404 error while accessing resources images within Docker container
Spring Security & Facebook OAuth 2.0 Integration with Graph API
Spring security securing the service layer, the web-service layer or both?
How to programatically return a json response after executing a custom filter UsernamePasswordAuthenticationFilter?
Configure Spring Security to return 403 for REST URLs and redirect to login for other URLs
Why doesn't my custom login page show with Spring Security 4?
Multi-user restful api using spring boot, jpa and security
Securing a Spring Data RepositoryRestResource (CrudRepository) over HTTP, but not internally
Spring boot security consider case insensitive username check for login
Spring Keycloak adapter Permissions Policy Enforcer. How to set it up
Use Spring Properties in Java with CrossOrigin Annotation or in Spring-Config XML
Spring Security with Spring Boot: Mix Basic Authentication with JWT token authentication [duplicate]
Encoded Precent(%25) with Spring RequestMapping path param gives HTTP 400
Implementing Hierarchical Roles in Spring Security
SpelEvaluationException: EL1007E:(pos 43): Field or property 'group' cannot be found on null

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!