Spring Security Java Config - custom AuthenticationProvider and UserDetailsService

spring-security spring-java-config
13,325

Here is an example of customized AuthenticationProvider and customized UserDetailsService: 

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(customAuthenticationProvider());
    }

    @Bean
    AuthenticationProvider customAuthenticationProvider() {
        CustomAuthenticationProvider impl = new CustomAuthenticationProvider();
        impl.setUserDetailsService(customUserDetailsService());
        /* other properties etc */
        return impl ;
    }

    @Bean   
    UserDetailsService customUserDetailsService() {
        /* custom UserDetailsService code here */
    }
}
Share:
13,325
Admin
Author by

Admin

Updated on July 03, 2022

Comments

  • Admin
    Admin almost 2 years

    I use java configuration to configure Spring Security, and I have customized AuthenticationProvider and customized UserDetailsService, to add extra login field following http://forum.spring.io/forum/spring-projects/security/95715-extra-login-fields

    I have difficulty to add both of the customized Classes into Spring Security framework by using java configuration. As java doc of AuthenticationProvider#authenticationProvider describes:

    Add authentication based upon the custom AuthenticationProvider that is passed in. Since the AuthenticationProvider implementation is unknown, all customizations must be done externally and the AuthenticationManagerBuilder is returned immediately.

    This method does NOT ensure that the UserDetailsService is available for the getDefaultUserDetailsService() method.

    So my question is what is the approach to set UserDetailsService in this case?

  • Admin
    Admin almost 9 years
    I notice that you initialize your customAuthenticationProvider and customUserDetailsService manually, is it not better to @Autowired them directly?
  • Ritesh
    Ritesh almost 9 years
    @Autowired is used in @Configuration class when you are wiring outside beans. In this code, customAuthenticationProvider and customUserDetailsService beans are declared in the same class and so there is no use case for @Autowired. Also note that AuthenticationManagerBuilder is declared somewhere else and so it is ok to use @Autowired.
  • user3791111
    user3791111 almost 7 years
    impl.setUserDetailsService(customUserDetailsService()); // this will not work, - the AuthenticationProvider interface has no setUserDetailsService() method.
  • Ritesh
    Ritesh almost 7 years
    Since it is a custom AuthenticationProvider implementation, you can add this method (after all any authentication provider would need a mechanism to load user details). See implementations of AuthenticationProvider such as DaoAuthenticationProvider, which has the setUserDetailsService method.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Spring Security Java Config
springSecurityFilterChain nullPointer Exception
Spring Security 3.2 code based configuration. Form login + global method security
Confusion around Spring Security anonymous access using Java Config
Spring: Enable global method security in Controller layer by java config
how do I set X-Frame-Options response header to allow-from value(s) using spring java config?
Spring Security Java Config
Disable Basic Authentication while using Spring Security Java configuration
Spring security oauth2 and form login configuration
How to represent the Spring Security "custom-filter" using Java configuration?