-
Notifications
You must be signed in to change notification settings - Fork 121
"No matching bean ... found" while initializing custom UserDetailsService and AuthenticationProvider #50
Comments
I'm guessing you have a circular dependency which can be handled by XML configuration, but not by the Java Configuration. Can you post your entire configuration? I have added a test that demonstrates Spring Data usage for an AuthenticationProvider in commit f52d3ef |
Ok I'll post some more details concerning this security configuration, also because some of the following methods and classes have roots in some websites (or at least similar to them). My business application has the demand to have the current User model object contained in a custom UserDetails class, which has no further autowire annotations. This class, called PasswordUserDetails (which also maps the database roles to security roles), is needed by the custom AuthenticationProvider class as followed:
Next class beeing need for this demand, is the UserDetailsService implementation:
Concerning my SecurityConfig class, it is similar to your class mentioned in your commit,
Which is needed to get the current User model object from the PasswordUserDetails of the security context as follows:
If I disable the upper annotation, the exceptions on startup do not happen.
|
Thanks for the response. I can't be certain without your complete configuration, but I believe I found the issue. I have pushed out a fix as part of 36f51bc. Please ensure you update to the latest snapshot to try the changes I made and let me know if this resolves the issue you were having. |
Ok, last action for me today. I enforced that maven updated to the latest snapshot and ran my webapp. But when I try to log in, an exception is raised due to a not registered mapping:
My first thought about this was to just cut out this "issue" part of code into a "tiny" example project, I will do this as soon as possible, I hope to have some time at the coming weekend, if not before. |
I think this is a different issue (and not with the Spring Security Java Config). Java Configuration defaults to use /login instead of /j_spring_security_check. From the README
These defaults also follow best practices of not having information leakage. Specifically the old defaults j_spring_security_check it was quite obvious that Spring Security was used. If an attacker observed this and Spring Security had a bug in it, the attacker would have an easier time identifying how to attack your application. If you want to use the old conventions, you can do something like is done in the NamespaceHttpFormLoginTests. Of course you would use the values that align with the old defaults that looks something like:
|
Indeed it is written in the README file. I like the approach to make spring security more secure. 👍 Concerning the "nearly", I'm preparing the next issue concerning a custom remember-me service. |
In my business application I am using
the following application stack:
Before trying the new javaconfig implementations,
I have a working business application (as follows) using spring-security.xml.
Furthermore based on the entities / models from database (User, Role, Auth)
and repositories (JpaRepository from spring-data-jpa) only as interfaces,
I have implemented a custom UserDetailsService and AuthenticationProvider,
in which the repositories of the User model is getting @Inject-ed (and some more).
Thus for configurating these, I provided them as beans:
Like in some of your examples, I configured these in a similar way:
So far so good, I think the other config is not important at the moment. When I try to start my tomcat server (in eclipse), I noticed in the logs that spring-data-jpa created the required beans, e.g.:
The next initialized beans are about my beans from java configuration (mvc, view, persistence), e.g.:
After the latter initialization usually the xml from spring security is read and beans are created. In case of the java config of spring security (the test problem now), it is complaining that it cannot inject the upper mentioned userRepository, though working in xml mode. The complete exception chain is listed here:
http://pastebin.com/KK9wXR46
Do you have any idea what the problem could be ?
I thought, maybe your java config is intitializing too early,
that my userRepository bean could not be found (though working in xml mode).
The text was updated successfully, but these errors were encountered: