Spring Security:DataBase authentication provider

0
votes

Can't get Spring Security to work with DB authentication provider.
In-memory authentication provider works OK.

Step to reproduce:
when I logged with credentials sb,sb,login() method of AuthenticationService returned false.
There are no related log in Tomcat.

applicationContext.xml:

<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <property name="url" value="jdbc:mysql://localhost/chirokDB?useUnicode=true&amp;characterEncoding=utf8"/>
    <property name="username" value="root"/>
    <property name="password" value="root"/>
</bean>

<bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
        <property name="dataSource" ref="dataSource"/>
</bean>

service layer:

@Service("authenticationService")
   public class AuthenticationServiceImpl implements AuthenticationService {
    @Resource(name = "authenticationManager")
    private AuthenticationManager authenticationManager;
        public boolean login(String username, String password) {
        try {
        Authentication authenticate = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(
                    username, password));
            if (authenticate.isAuthenticated()) {
    SecurityContextHolder.getContext().setAuthentication(authenticate);
                    return true;
                }
            } catch (AuthenticationException e) {
            }
            return false;
   }

managed bean level:

public String doLogin() {
    boolean isLoggedIn = authenticationService.login(name, password);
    if (isLoggedIn) {
        return "index";
    }
    FacesContext.getCurrentInstance().addMessage("login failure", new FacesMessage());
    return "failureLogin";
}

applicationContext-security.xml:

<global-method-security pre-post-annotations="enabled"/>  
    <http auto-config="true">
    <form-login login-page="/login.xhtml" default-target-url="/index.xhtml"/>
        <intercept-url pattern="/contacts.xhtml" access="ROLE_ANONYMOUS,ROLE_USER"/>
        <intercept-url pattern="/delivery.xhtml" access="ROLE_USER"/>
        <logout invalidate-session="true"/>
        <session-management>
            <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
        </session-management>   
    </http>          

    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource"/>
        </authentication-provider>
    </authentication-manager>

persistence level:
MySql DB has following standard tables(required by Spring):
1. users
2. authorities

users table has record with username='sb' and password='sb'
authorities table has record with username='sb' and authority='ROLE_USER'

note
with user-in memory all works OK with following config:

    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <user-service>
                <user name="sb" password="sb" authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>

assumption:
dataSource injected into org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
As far Hibernate ORM used, perhaps some other than JdbcDaoImpl should be used?

1
javadatabaseauthenticationspring-securityprovider
In what sense does it not work?jtoberon
jtoberon,I've update my post. See "Step to reproduce" section,please.sergionni
What's an AuthenticationService?jtoberon
AuthenticationService is just simple interface with login() method.About exception,you're right,I'll investigate this.sergionni

1 Answers

1
votes

Check if you're getting an Exception in your empty catch block (which always is a bad idea).