Add custom UserDetailsService to Spring Security OAuth2 app -


how add custom userdetailsservice below this spring oauth2 sample?

the default user default password defined in application.properties file of authserver app.

however, add following custom userdetailsservice the demo package of authserver app testing purposes:

package demo;  import java.util.list; import org.springframework.security.core.grantedauthority; import org.springframework.security.core.authority.authorityutils; import org.springframework.security.core.userdetails.userdetails; import org.springframework.security.core.userdetails.usernamenotfoundexception; import org.springframework.security.provisioning.userdetailsmanager; import org.springframework.stereotype.service;  @service class users implements userdetailsmanager {      @override     public userdetails loaduserbyusername(string username) throws usernamenotfoundexception {         string password;         list<grantedauthority> auth = authorityutils.commaseparatedstringtoauthoritylist("role_user");         if (username.equals("samwise")) {             auth = authorityutils.commaseparatedstringtoauthoritylist("role_hobbit");             password = "theshire";         }         else if (username.equals("frodo")){             auth = authorityutils.commaseparatedstringtoauthoritylist("role_hobbit");             password = "myring";         }         else{throw new usernamenotfoundexception("username not found. ");}         return new org.springframework.security.core.userdetails.user(username, password, auth);     }      @override     public void createuser(userdetails user) {// todo auto-generated method stub     }      @override     public void updateuser(userdetails user) {// todo auto-generated method stub     }      @override     public void deleteuser(string username) {// todo auto-generated method stub     }      @override     public void changepassword(string oldpassword, string newpassword) {         // todo auto-generated method stub     }      @override     public boolean userexists(string username) {         // todo auto-generated method stub         return false;     } } 

as can see, userdetailsservice not autowired yet, , purposely uses insecure passwords because designed testing purposes.

what specific changes need made the github sample app user can login username=samwise password=theshire, or username=frodo password=myring? changes need made authserverapplication.java or elsewhere?


suggestions:


the spring oauth2 developer guide says use globalauthenticationmanagerconfigurer configure userdetailsservice globally. however, googling names produces less helpful results.

also, different app uses internal spring security instead of oauth uses following syntax hook userdetailsservice, not sure how adjust syntax current op:

@order(ordered.highest_precedence) @configuration protected static class authenticationsecurity extends globalauthenticationconfigureradapter {      @autowired     private users users;      @override     public void init(authenticationmanagerbuilder auth) throws exception {         auth.userdetailsservice(users);     } } 

i tried using @autowire inside oauth2authorizationconfig connect users authorizationserverendpointsconfigurer follows:

@autowired//this test private users users;//this test  @override public void configure(authorizationserverendpointsconfigurer endpoints) throws exception {    endpoints.authenticationmanager(authenticationmanager)         .accesstokenconverter(jwtaccesstokenconverter())         .userdetailsservice(users)//detailsservice)//this line test         ; } 

but spring boot logs indicate user samwise not found, means userdetailsservice not hooked up. here relevant excerpt spring boot logs:

2016-04-20 15:34:39.998 debug 5535 --- [nio-9999-exec-9] o.s.s.a.dao.daoauthenticationprovider    :           user 'samwise' not found 2016-04-20 15:34:39.998 debug 5535 --- [nio-9999-exec-9]            w.a.usernamepasswordauthenticationfilter :           authentication request failed:           org.springframework.security.authentication.badcredentialsexception:           bad credentials 

what else can try?

i ran similar issue when developing oauth server spring security. situation different, wanted add userdetailsservice authenticate refresh tokens, think solution well.

like you, first tried specifying userdetailsservice using authorizationserverendpointsconfigurer, not work. i'm not sure if bug or design, userdetailsservice needs set in authenticationmanager in order various oauth2 classes find it. worked me:

@configuration @enablewebsecurity  public class securityconfig extends websecurityconfigureradapter {    @autowired   users userdetailsservice;    @autowired   public void configauthentication(authenticationmanagerbuilder auth) throws exception {     auth.userdetailsservice(userdetailsservice);   }    @override   protected void configure(httpsecurity http) throws exception {     http.authorizerequests()     // other stuff configure security   }  } 

i think if changed following starting @ line 73, may work you:

@override protected void configure(authenticationmanagerbuilder auth) throws exception {     auth.parentauthenticationmanager(authenticationmanager)         .userdetailsservice(userdetailsservice); } 

you of course need add @autowired users userdetailsservice; somewhere in websecurityconfigureradapter

other things wanted mention:

  1. this may version specific, i'm on spring-security-oauth2 2.0.12
  2. i can't cite sources why way is, i'm not sure if solution real solution or hack.
  3. the globalauthenticationmanagerconfigurer referred in guide typo, can't find string anywhere in source code in spring.

Comments

Popular posts from this blog

java - nested exception is org.hibernate.exception.SQLGrammarException: could not extract ResultSet Hibernate+SpringMVC -

sql - Postgresql tables exists, but getting "relation does not exist" when querying -

asp.net mvc - breakpoint on javascript in CSHTML? -