Spring Security Configuration

0
votes

I have read numerous threads on spring security before posting the question still not able to resolve it.

I am trying to configure customized spring security i.e. having a service class(UserService) that does the authentication. However, either it is not able to reach UserService. I trying to put only relevant code snippet below:

I HAVE UPDATED THE EXCEPTION LOGS

Web.xml

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
                /WEB-INF/spring/root-context.xml
    </param-value>
</context-param>

<filter>
     <filter-name>springSecurityFilterChain</filter-name>
     <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
     </filter-class>
 </filter>

<filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
</filter-mapping>

<servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>appServlet</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

appServlet-servlet.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"   
xmlns:p="http://www.springframework.org/schema/p"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/mvc       http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
    http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context-3.0.xsd
    http://www.springframework.org/schema/aop
    http://www.springframework.org/schema/aop/spring-aop.xsd">



<!-- Enables the Spring MVC @Controller programming model -->
<annotation-driven />

<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
<resources mapping="/resources/**" location="/resources/" />

<!-- Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory -->
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <beans:property name="prefix" value="/WEB-INF/views/" />
    <beans:property name="suffix" value=".jsp" />
</beans:bean>

 <context:component-scan base-package="com.autoshipcart.service, com.autoshipcart.serviceImpl, com.autoshipcart.dao, com.autoshipcart.admin, com.autoshipcart.admin.service, com.autoshipcart.admin.serviceImpl, com.autoshipcart.admin.dao, com.autoshipcart.admin.validator, com.autoshipcart.framework" />
 <context:annotation-config />

<beans:bean id="messageSource"
    class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
    <beans:property name="basename" value="classpath:adminproperties/messages" />
    <beans:property name="defaultEncoding" value="UTF-8" />
</beans:bean>
<beans:bean id="multipartResolver"
    class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
     <!-- one of the properties available; the maximum file size in bytes -->
   <beans:property name="maxUploadSize" value="50000000" />

   </beans:bean>

<beans:bean id="localeChangeInterceptor"
      class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
    <beans:property name="paramName" value="siteLanguage"/>
</beans:bean>

<beans:bean id="localeResolver"
      class="org.springframework.web.servlet.i18n.CookieLocaleResolver"/>

root-context.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"   
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context-3.0.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
            http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">


<!-- Root Context: defines shared resources visible to all other web components -->
    <context:component-scan base-package="com.autoshipcart.service, com.autoshipcart.serviceImpl, com.autoshipcart.dao, com.autoshipcart.admin, com.autoshipcart.admin.service, com.autoshipcart.admin.serviceImpl, com.autoshipcart.admin.dao, com.autoshipcart.admin.validator, com.autoshipcart.framework" />
    <context:annotation-config />

    <bean id="propertyConfigurer"
    class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="locations">
        <list>
            <value>classpath:adminproperties/jdbc.properties</value>
            <value>classpath:adminproperties/mail.properties</value>

       </list>
    </property>
    <property name="ignoreUnresolvablePlaceholders" value="true"/>        
</bean>

<bean id="dataSourceMaster"
    class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
    <property name="driverClassName" value="${master.jdbc.driverClassName}"/>
    <property name="url" value="${master.jdbc.databaseurl}"/>
    <property name="username" value="${master.jdbc.username}"/>
    <property name="password" value="${master.jdbc.password}"/>
</bean>

<bean id="dataSourceCart1"
    class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
    <property name="driverClassName" value="${cart1.jdbc.driverClassName}"/>
    <property name="url" value="${cart1.jdbc.databaseurl}"/>
    <property name="username" value="${cart1.jdbc.username}"/>
    <property name="password" value="${cart1.jdbc.password}"/>
</bean>

<bean id="sessionFactoryMaster"
    class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
    <property name="dataSource" ref="dataSourceMaster" />
    <property name="configLocation">
        <value>classpath:hibernate.master.cfg.xml</value>
    </property>
    <property name="configurationClass">
        <value>org.hibernate.cfg.AnnotationConfiguration</value>
    </property>
    <property name="hibernateProperties">
        <props>
            <prop key="hibernate.dialect">${master.jdbc.dialect}</prop>
            <prop key="hibernate.show_sql">true</prop>
            <prop key="hibernate.connection.charSet">UTF-8</prop>
            <prop key="hibernate.cache">false</prop>                  
            <prop key="hibernate.cglib.use_reflection_optimizer">false</prop>  
            <prop key="cache.provider_class">org.hibernate.cache.NoCacheProvider</prop>  
            <prop key="hibernate.cache.use_second_level_cache">false</prop>
            <prop key="hibernate.transaction.flush_before_completion">true</prop>  
        </props>
    </property>
</bean>

<bean id="sessionFactoryCart1"
    class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
    <property name="dataSource" ref="dataSourceCart1" />
    <property name="configLocation">
        <value>classpath:hibernate.cfg.xml</value>
    </property>
    <property name="configurationClass">
        <value>org.hibernate.cfg.AnnotationConfiguration</value>
    </property>
    <property name="hibernateProperties">
        <props>
            <prop key="hibernate.dialect">${cart1.jdbc.dialect}</prop>
            <prop key="hibernate.show_sql">true</prop>
            <prop key="hibernate.connection.charSet">UTF-8</prop>
            <prop key="hibernate.cache">false</prop>                  
            <prop key="hibernate.cglib.use_reflection_optimizer">false</prop>  
            <prop key="cache.provider_class">org.hibernate.cache.NoCacheProvider</prop>  
            <prop key="hibernate.cache.use_second_level_cache">false</prop>
            <prop key="hibernate.transaction.flush_before_completion">true</prop>  
        </props>
    </property>
</bean>
    <tx:annotation-driven proxy-target-class="true" />
<bean id="transactionManagerMaster"
    class="org.springframework.orm.hibernate3.HibernateTransactionManager">
    <property name="sessionFactory" ref="sessionFactoryMaster" />
</bean>
    <bean id="transactionManagerCart1"
    class="org.springframework.orm.hibernate3.HibernateTransactionManager">
    <property name="sessionFactory" ref="sessionFactoryCart1" />
</bean>

<bean id="velocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean">
    <property name="velocityProperties">
        <value>
            resource.loader=class
            class.resource.loader.class=org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader
        </value>
    </property>
</bean>

<bean id="mailSender" class="org.springframework.mail.javamail.JavaMailSenderImpl">
    <property name="host" value="${mail.host}" />
    <property name="port" value="${mail.port}" />
    <property name="username" value="${mail.username}" />
    <property name="password" value="${mail.password}" />

    <property name="javaMailProperties">
        <props>
            <prop key="mail.smtp.auth">${mail.smtp.auth}</prop>
            <prop key="mail.smtp.starttls.enable">${mail.smtp.starttls.enable}</prop>
        </props>
    </property>

</bean>

<bean id="mailSenderUtil" class="com.autoshipcart.framework.util.MailSenderUtil">
    <property name="mailSender" ref="mailSender"></property>
</bean>


  <bean id="userService" class="com.autoshipcart.admin.serviceImpl.UserServiceImpl"></bean>
<bean id="userDAO" class="com.autoshipcart.admin.hibernatedao.UserHibernateDAO"></bean>

<!-- <bean id="webExpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/> -->



<security:http auto-config="true" use-expressions="false">


     <security:intercept-url pattern="/dashboard" access="IS_AUTHENTICATED_ANONYMOUSLY" />

    <security:form-login login-page="/login"
        login-processing-url="/static/j_spring_security_check"
        default-target-url="/dashboard" 
        authentication-failure-url="/logout"
         />         
 </security:http>

<security:authentication-manager>
    <security:authentication-provider user-service-ref="userService">
        <security:password-encoder hash="plaintext"/>
    </security:authentication-provider>
</security:authentication-manager>

UserServiceImpl.java

package com.autoshipcart.admin.serviceImpl;

/*@Service("userService")*/
@Transactional
public class UserServiceImpl implements UserService,UserDetailsService {

@Autowired
private UserDAO userDAO;


@Transactional
public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException, DataAccessException {
    System.out.println("test>>>>"+ username);
    System.out.println("test2>>>>"+ username);
    UserVO temp= new UserVO();
try{
    User user= userDAO.authenticateUser(username);
        if(user!=null){
            new UserVO();
        }else{          
            throw new UsernameNotFoundException("UserName or Password is incorrect!");
        }



temp.setEmail(user.getEmailId());
temp.setFirstName(user.getFirstName());
temp.setLastName(user.getLastName());
temp.setPassword(user.getPassword());
temp.setUsername(user.getUserName());

}catch(Exception e){
    e.printStackTrace();

}
    return temp;    
}

}

AdminController.java

    @RequestMapping(value = {"/","/dashboard"}, method = {RequestMethod.GET})
public String showDashboard(HttpSession session, 
        Map<String, Object> map, Model model) {
System.out.println("In controller>>");
        String loggedIn= (String) session.getAttribute("loggedIn"); // This job will be done by AOP Intercepor

        if(loggedIn==null)
                return "login";
            else
                return "dashboard";
}   


@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(HttpSession session, HttpServletResponse response,
        Map<String, Object> map, Model model) {
    logger.info("logout function is called>>>>>");
    System.out.println("logout function is called");
    if(session.getAttribute("loggedIn")=="true"&&session.getAttribute("configMap")!=null)
    {    System.out.println("session");
        session.setAttribute("loggedIn", null);
        session.setAttribute("configMap", null);
        session.invalidate();
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
        response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
        response.setDateHeader("Expires", 0); // Proxies.
    }
  return "login";//"redirect:/";
}

i AM NO MORE GETTING ANY EXCEPTION. Following are the logs when I try to log in:

DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@6ab494c6. A new one will be created. DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter' DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication DEBUG: org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: **

org.springframework.security.authentication.AuthenticationServiceException: No bean named 'transactionManager' is defined

DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@125e3283 DEBUG: org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler - Redirecting to /logout DEBUG: org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/ascartadmin/logout' DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. DEBUG: org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@6ab494c6. A new one will be created. DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter' DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' DEBUG: org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fa90ed4: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 1CCAA9863B99B4E75D065F26D664ADE5; Granted Authorities: ROLE_ANONYMOUS' DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter' DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' DEBUG: org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logout'; against '/dashboard' DEBUG: org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Public object - authentication not attempted DEBUG: org.springframework.security.web.FilterChainProxy - /logout reached end of additional filter chain; proceeding with original chain INFO : com.autoshipcart.admin.controller.AdminController - logout function is called>>>>> logout function is called DEBUG: org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. DEBUG: org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

1
springspring-security
No matching bean of type [com.autoshipcart.framework.ConfigurationLoader] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency...? can you post ConfigurationLoader class hereRamesh Kotha
I checked it. It didn't have @Component. I added it. Below is the updated ConfigurationLoader class and the new exception: Not able to add that because of character restriction.user2879206
I am not able to paste it because of character restrictions. I made some changes and now I am to start server with any exceptions. However, my customized UserServiceImpl is not picking up. <security:authentication-manager> <security:authentication-provider user-service-ref="userService"> <security:password-encoder hash="plaintext"/> </security:authentication-provider> </security:authentication-manager>. As soon as I enter username/password, it redirects to logout with even touching userserviceimpl.user2879206
hope this helps java2practice.com/2013/07/22/…Ramesh Kotha
Thanks a lot for the link. Its a great article. However, even after tweaking my code as per the article, it is behaving similarly. It seems, it is not identifying my customized userserviceimpl. It directly redirects to logout as soon as I enter credentials. Please see the logs: INFO: Server startup in 13626 ms INFO : com.autoshipcart.admin.controller.AdminController - logout function is called>>>>> logout function is calleduser2879206

1 Answers

0
votes

your login processing url in security config is login-processing-url="/static/j_spring_security_check" why have you appended static to this url, spring default is /j_spring_security_check, just try after removing static keyword