Add custom UserDetailsService to Spring Security OAuth2 app -
how add custom userdetailsservice
below this spring oauth2 sample?
the default user
default password
defined in application.properties
file of authserver
app.
however, add following custom userdetailsservice
the demo
package of authserver
app testing purposes:
package demo; import java.util.list; import org.springframework.security.core.grantedauthority; import org.springframework.security.core.authority.authorityutils; import org.springframework.security.core.userdetails.userdetails; import org.springframework.security.core.userdetails.usernamenotfoundexception; import org.springframework.security.provisioning.userdetailsmanager; import org.springframework.stereotype.service; @service class users implements userdetailsmanager { @override public userdetails loaduserbyusername(string username) throws usernamenotfoundexception { string password; list<grantedauthority> auth = authorityutils.commaseparatedstringtoauthoritylist("role_user"); if (username.equals("samwise")) { auth = authorityutils.commaseparatedstringtoauthoritylist("role_hobbit"); password = "theshire"; } else if (username.equals("frodo")){ auth = authorityutils.commaseparatedstringtoauthoritylist("role_hobbit"); password = "myring"; } else{throw new usernamenotfoundexception("username not found. ");} return new org.springframework.security.core.userdetails.user(username, password, auth); } @override public void createuser(userdetails user) {// todo auto-generated method stub } @override public void updateuser(userdetails user) {// todo auto-generated method stub } @override public void deleteuser(string username) {// todo auto-generated method stub } @override public void changepassword(string oldpassword, string newpassword) { // todo auto-generated method stub } @override public boolean userexists(string username) { // todo auto-generated method stub return false; } }
as can see, userdetailsservice
not autowired
yet, , purposely uses insecure passwords because designed testing purposes.
what specific changes need made the github sample app user can login username=samwise
password=theshire
, or username=frodo
password=myring
? changes need made authserverapplication.java
or elsewhere?
suggestions:
the spring oauth2 developer guide says use globalauthenticationmanagerconfigurer
configure userdetailsservice
globally. however, googling names produces less helpful results.
also, different app uses internal spring security instead of oauth uses following syntax hook userdetailsservice
, not sure how adjust syntax current op:
@order(ordered.highest_precedence) @configuration protected static class authenticationsecurity extends globalauthenticationconfigureradapter { @autowired private users users; @override public void init(authenticationmanagerbuilder auth) throws exception { auth.userdetailsservice(users); } }
i tried using @autowire
inside oauth2authorizationconfig
connect users
authorizationserverendpointsconfigurer
follows:
@autowired//this test private users users;//this test @override public void configure(authorizationserverendpointsconfigurer endpoints) throws exception { endpoints.authenticationmanager(authenticationmanager) .accesstokenconverter(jwtaccesstokenconverter()) .userdetailsservice(users)//detailsservice)//this line test ; }
but spring boot logs indicate user samwise
not found, means userdetailsservice
not hooked up. here relevant excerpt spring boot logs:
2016-04-20 15:34:39.998 debug 5535 --- [nio-9999-exec-9] o.s.s.a.dao.daoauthenticationprovider : user 'samwise' not found 2016-04-20 15:34:39.998 debug 5535 --- [nio-9999-exec-9] w.a.usernamepasswordauthenticationfilter : authentication request failed: org.springframework.security.authentication.badcredentialsexception: bad credentials
what else can try?
i ran similar issue when developing oauth server spring security. situation different, wanted add userdetailsservice
authenticate refresh tokens, think solution well.
like you, first tried specifying userdetailsservice
using authorizationserverendpointsconfigurer
, not work. i'm not sure if bug or design, userdetailsservice
needs set in authenticationmanager
in order various oauth2 classes find it. worked me:
@configuration @enablewebsecurity public class securityconfig extends websecurityconfigureradapter { @autowired users userdetailsservice; @autowired public void configauthentication(authenticationmanagerbuilder auth) throws exception { auth.userdetailsservice(userdetailsservice); } @override protected void configure(httpsecurity http) throws exception { http.authorizerequests() // other stuff configure security } }
i think if changed following starting @ line 73, may work you:
@override protected void configure(authenticationmanagerbuilder auth) throws exception { auth.parentauthenticationmanager(authenticationmanager) .userdetailsservice(userdetailsservice); }
you of course need add @autowired users userdetailsservice;
somewhere in websecurityconfigureradapter
other things wanted mention:
- this may version specific, i'm on spring-security-oauth2 2.0.12
- i can't cite sources why way is, i'm not sure if solution real solution or hack.
- the
globalauthenticationmanagerconfigurer
referred in guide typo, can't find string anywhere in source code in spring.
Comments
Post a Comment