0

I'm having an issue with spring security 3 while trying to implement my own Customauthentication. Following this page steps I wrote this class:

public class CustomAuth implements AuthenticationManager {

@Override
public Authentication authenticate(Authentication auth)
        throws AuthenticationException {

    UserService service = new UserService();

    User user = service.login((String) auth.getPrincipal(), new String(
            DigestUtils.sha256((String) auth.getCredentials())));

    LinkedList<GrantedAuthority> authorities = new LinkedList<>();

    if (user != null) {
        authorities.add(new SimpleGrantedAuthority(user.getRole()));

        return new UsernamePasswordAuthenticationToken(user.getUsername(),
                user.getPassword(), authorities);
    }

    return null;
}

}

And this is my spring-security.xml

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-3.1.xsd">


<security:http pattern="/resources/**" security="none" />

<security:http auto-config="true" >

    <security:intercept-url pattern="/user/**"
        access="ROLE_USER" />
    <security:intercept-url pattern="/admin/**"
        access="ROLE_ADMIN,ROLE_USER" />

    <security:form-login login-page="/login"
        authentication-failure-url="/login?error=true" />

    <security:logout invalidate-session="true" />

    <security:session-management>
        <security:concurrency-control
            max-sessions="1" />

    </security:session-management>


</security:http>
<security:authentication-manager>
    <security:authentication-provider ref="myAuthProvider" />

</security:authentication-manager>


    <bean id="myAuthProvider" class="org.jhonnytunes.security.CustomAuth">

</bean>

</beans>

And tomcat7 is logging this while app not displaying at browser.

Im using:

  1. Eclipse Kepler
  2. Ubuntu 13.04
  3. JDK 1.7
  4. Tomcat7
  5. Eclipse STS plugin

What can be this?

Improve this question

2 Answers 2

Reset to default
3

CustomAuth should implement AuthenticationProvider, not AuthenticationManager.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

implements'AuthenticationProvider' instead of 'AuthenticationManager'

'throw new BadCredentialsException (String)' instead of 'return null'

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.