Spring security 4 (annotations) from database not working




Asked on August 29, 2016

Hello!

I have been struggling with Spring for a while and now I have moved on to the security part. I was following some tutorials and I find myself stuck: the security won't work, but I don't receive any errors either.

I have implemented the SecurityConfig class:

@Configuration
@EnableWebSecurity
@ComponentScan("laura.bachelordegree.*")
@EnableAspectJAutoProxy(proxyTargetClass = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    DataSource dataSource;

    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        System.out.println("enter configAuthentication");
      auth.jdbcAuthentication().dataSource(dataSource)
        .usersByUsernameQuery("select username, password, enabled from [USER] where username=?")
        .authoritiesByUsernameQuery("select username, role from ROLE where username=?");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        System.out.println("enter configure");
      http.authorizeRequests()
        .antMatchers("/**").access("hasRole('ROLE_USER')")
        .and()
          .formLogin().loginPage("/login").failureUrl("/login?error")
          .usernameParameter("username").passwordParameter("password")
        .and()
          .logout().logoutSuccessUrl("/login?logout")
        .and()
          .exceptionHandling().accessDeniedPage("/403")
        .and()
          .csrf();
    }
}
Also, the implementation of UserDetailsService:
@Service("userDetailsService")
public class MyUserDetailsService implements UserDetailsService {
    @Autowired
    private UserDao userDao;

    @Transactional(readOnly=true)
    @Override
    public UserDetails loadUserByUsername(final String username)
        throws UsernameNotFoundException {
        System.out.println("entered loadUserByUsername");
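        laura.bachelordegree.model.User user = userDao.findByUserName(username);
        // findByUserName returns null for an unknown user; the UserDetailsService
        // contract requires a UsernameNotFoundException in that case.
        if (user == null) {
            throw new UsernameNotFoundException("User not found: " + username);
        }
        List<GrantedAuthority> authorities = buildUserAuthority(user.getUserRole());
        System.out.println("found " + authorities.size() + " authorities: " + authorities.toString());
        return buildUserForAuthentication(user, authorities);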

    }

    private User buildUserForAuthentication(laura.bachelordegree.model.User user,
        List<GrantedAuthority> authorities) {
        System.out.println("entered buildUserForAuthentication");
        return new User(user.getUsername(), user.getPassword(),
            user.isEnabled(), true, true, true, authorities);
    }

    private List<GrantedAuthority> buildUserAuthority(Set<Role> userRoles) {
        System.out.println("entered buildUserAuthority");
        Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();

        for (Role userRole : userRoles) {
            setAuths.add(new SimpleGrantedAuthority(userRole.getRole()));
        }

        List<GrantedAuthority> Result = new ArrayList<GrantedAuthority>(setAuths);
        System.out.println("found authorities");
        return Result;
    }
}
The UserDAO implementation contains findByUserName:
@Repository
public class UserDaoImpl implements UserDao {

    @Autowired
    private SessionFactory sessionFactory;

    protected Session getCurrentSession() {
        return sessionFactory.getCurrentSession();
    }

    @SuppressWarnings({ "unchecked", "deprecation" })
    public User findByUserName(String username) {
        System.out.println("entered findByUserName");
        List<User> users = new ArrayList<User>();

        users = sessionFactory.getCurrentSession().createQuery("from User where username=?").setParameter(0, username)
                .list();
        System.out.println("retrieved number of users: " + users.size());

        if (users.size() > 0) {
            return users.get(0);
        } else {
            return null;
        }
    }
}
Any idea what else I should configure in order to make it work? I know there are a lot of tutorials out there on security, but that's the problem: there are too many different ways of doing this and I find it difficult to make sense of it.



Replied on August 29, 2016
You need to check for @EnableGlobalMethodSecurity(securedEnabled=true, prePostEnabled=true)


@Configuration
@EnableWebSecurity
@ComponentScan("laura.bachelordegree.*")
@EnableAspectJAutoProxy(proxyTargetClass = true)
@EnableGlobalMethodSecurity(securedEnabled=true, prePostEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // ... rest of the class as in the question ...
}



You can also refer to the URL
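
What the annotation in the reply above switches on, as an added example that is not part of the original thread: securedEnabled activates @Secured and prePostEnabled activates @PreAuthorize; without @EnableGlobalMethodSecurity these annotations are ignored and no error is raised. The AccountService class, its methods, the sample data and the ROLE_ADMIN authority are hypothetical.

```java
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.method.P;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;

// Hypothetical service, assumed to sit in a package scanned by SecurityConfig.
// The annotations are enforced only through the Spring proxy of this bean:
// calls from other beans are checked, calls via "this" inside it are not.
@Service
public class AccountService {

    // Constructed sample data: username -> e-mail address.
    private final Map<String, String> emails = new ConcurrentHashMap<String, String>();

    // prePostEnabled = true: the expression runs before the method body, so a
    // user holding ROLE_USER can only change the record under their own name.
    // @P names the argument so "#username" resolves without debug symbols.
    @PreAuthorize("hasRole('ROLE_USER') and #username == authentication.name")
    public void updateEmail(@P("username") String username, String email) {
        emails.put(username, email);
    }

    // prePostEnabled = true: owners read their own record, admins read any.
    @PreAuthorize("#username == authentication.name or hasRole('ROLE_ADMIN')")
    public String getEmail(@P("username") String username) {
        return emails.get(username);
    }

    // securedEnabled = true: a plain authority list with no expression.
    // The value must match the stored authority string exactly.
    @Secured("ROLE_ADMIN")
    public Map<String, String> listAll() {
        return Collections.unmodifiableMap(emails);
    }
}
```

A caller that fails one of these checks gets an AccessDeniedException instead of a result.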







Replied on September 04, 2016
Thanks for the advice, it worked :)
