
I am trying out Spring Security for the first time, but for some reason the authentication mechanism I have written is not firing -

Tech used - Spring 4.2.1, spring-security, Jetty container, Jersey and Couchbase DB

SecurityConfig.java -

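import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
// UserRepository and MyUserDetailService are the application's own classes.

@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = {UserRepository.class, MyUserDetailService.class})
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("userDetailsService")
    UserDetailsService userDetailsService;

    // Authenticate against the custom UserDetailsService, comparing BCrypt hashes
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    // Require authentication for every request; offer form login and HTTP Basic
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .and()
            .httpBasic();
        // For later:
        // http.authorizeRequests().antMatchers("/*")
        //         .access("hasRole('ROLE_ADMIN')");
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}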

SecurityWebAppInitializer.java -

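import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SecurityWebApplicationInitializer
        extends AbstractSecurityWebApplicationInitializer {

    // Passing the configuration class makes the initializer load SecurityConfig itself
    public SecurityWebApplicationInitializer() {
        super(SecurityConfig.class);
    }
}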

UserDetailService.java -

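import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service("userDetailsService")
public class MyUserDetailService extends BaseServiceImpl<com.scoolboard.rest.entity.User, String>
        implements UserDetailsService {

    @Autowired
    private UserRepository userRepository;

    protected UserRepository getRepository() {
        return userRepository;
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        com.scoolboard.rest.entity.User user = getRepository().findByUserEmail(username);
        // If the repository returns null for an unknown e-mail, signal it with the
        // exception the UserDetailsService contract expects, not a NullPointerException
        if (user == null) {
            throw new UsernameNotFoundException("User not found: " + username);
        }
        List<GrantedAuthority> authorities = buildUserAuthority(new HashSet<UserRole>(user.getUserRole()));

        return buildUserForAuthentication(user, authorities);
    }

    // Converts com.scoolboard.rest.entity.User to
    // org.springframework.security.core.userdetails.User
    private User buildUserForAuthentication(com.scoolboard.rest.entity.User user,
                                            List<GrantedAuthority> authorities) {
        return new User(user.getEmail(), user.getPassword(),
                user.isEnabled(), true, true, true, authorities);
    }

    private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) {
        Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();

        // Build user's authorities
        for (UserRole userRole : userRoles) {
            setAuths.add(new SimpleGrantedAuthority(userRole.getRole()));
        }

        return new ArrayList<GrantedAuthority>(setAuths);
    }
}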

What am I missing over here?

  • Did you enable spring log and check? I can't see any problem with the config. (Commented Sep 20, 2015 at 5:21)
  • 1. Are you using servlet api 3? 2. Does your container support it? (it may be overridden to 2.5) 3. Is the constructor of SecurityWebApplicationInitializer executed? 4. Stop the debugger on one of the controller's methods and check if you see security filters on the stack trace. (Commented Sep 20, 2015 at 17:47)

1 Answer

I got it working by explicitly putting a filter chain in web.xml, something like this -

<!-- Enables Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
    <init-param>
        <param-name>targetBeanName</param-name>
        <param-value>springSecurityFilterChain</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

I thought the SecurityWebApplicationInitializer class would take care of it (as per the Spring Security reference). I am really new to Spring and Spring Security, and if anyone can explain why it didn't work, that would be great.


1 Comment

Even I would like to know the answer. Why is this required...?
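
The comments on the question suggest checking the Servlet API version and whether the security filters are actually in the request path. The following startup check is an added example, not code from the original posts or from Spring Security: it logs the effective servlet version and every registered filter, and refuses to start the application if `springSecurityFilterChain` is missing or not mapped to `/*`. The class name `SecurityFilterStartupCheck` is hypothetical, and the example assumes a Servlet 3.0+ container and the `javax.servlet` API used with Spring 4.

```java
import java.util.Map;
import javax.servlet.FilterRegistration;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;

/**
 * Added example; the class name is hypothetical. Fails web-app startup when the
 * Spring Security filter is not registered, instead of serving requests unfiltered.
 * Declare it with a <listener> element in web.xml so it does not itself depend on
 * annotation or initializer scanning.
 */
public class SecurityFilterStartupCheck implements ServletContextListener {

    // Filter name used in the web.xml above; also the default name registered by
    // AbstractSecurityWebApplicationInitializer.
    static final String FILTER_NAME = "springSecurityFilterChain";

    @Override
    public void contextInitialized(ServletContextEvent event) {
        ServletContext ctx = event.getServletContext();

        // Servlet specification version the deployed application is based on.
        ctx.log("Effective servlet version: "
                + ctx.getEffectiveMajorVersion() + "." + ctx.getEffectiveMinorVersion());

        // List every registered filter with its URL patterns, for the startup log.
        for (Map.Entry<String, ? extends FilterRegistration> e
                : ctx.getFilterRegistrations().entrySet()) {
            ctx.log("Filter " + e.getKey() + " -> " + e.getValue().getUrlPatternMappings());
        }

        FilterRegistration security = ctx.getFilterRegistration(FILTER_NAME);
        if (security == null) {
            throw new IllegalStateException(FILTER_NAME
                    + " is not registered: requests would reach the application unauthenticated");
        }
        if (!security.getUrlPatternMappings().contains("/*")) {
            throw new IllegalStateException(FILTER_NAME + " is registered but not mapped to /*: "
                    + security.getUrlPatternMappings());
        }
    }

    @Override
    public void contextDestroyed(ServletContextEvent event) {
        // Nothing to clean up.
    }
}
```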
