Can't get Spring Security to work with DB authentication provider.
In-memory authentication provider works OK.

Step to reproduce:
When I logged in with credentials sb/sb, the login() method of AuthenticationService returned false.
There are no related log entries in Tomcat.

applicationContext.xml:

<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <property name="url" value="jdbc:mysql://localhost/chirokDB?useUnicode=true&amp;characterEncoding=utf8"/>
    <property name="username" value="root"/>
    <property name="password" value="root"/>
</bean>

<bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
    <property name="dataSource" ref="dataSource"/>
</bean>

service layer:

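import javax.annotation.Resource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;

@Service("authenticationService")
public class AuthenticationServiceImpl implements AuthenticationService {

    @Resource(name = "authenticationManager")
    private AuthenticationManager authenticationManager;

    public boolean login(String username, String password) {
        try {
            // Delegate the credential check to the configured AuthenticationManager
            Authentication authenticate = authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(username, password));
            if (authenticate.isAuthenticated()) {
                SecurityContextHolder.getContext().setAuthentication(authenticate);
                return true;
            }
        } catch (AuthenticationException e) {
        }
        return false;
    }
}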

managed bean level:

public String doLogin() {
    boolean isLoggedIn = authenticationService.login(name, password);
    if (isLoggedIn) {
        return "index";
    }
    FacesContext.getCurrentInstance().addMessage("login failure", new FacesMessage());
    return "failureLogin";
}

applicationContext-security.xml:

<global-method-security pre-post-annotations="enabled"/>

<http auto-config="true">
    <form-login login-page="/login.xhtml" default-target-url="/index.xhtml"/>
    <intercept-url pattern="/contacts.xhtml" access="ROLE_ANONYMOUS,ROLE_USER"/>
    <intercept-url pattern="/delivery.xhtml" access="ROLE_USER"/>
    <logout invalidate-session="true"/>
    <session-management>
        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
    </session-management>
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"/>
    </authentication-provider>
</authentication-manager>

persistence level:
The MySQL DB has the following standard tables (required by Spring):
1. users
2. authorities

The users table has a record with username='sb' and password='sb'.
The authorities table has a record with username='sb' and authority='ROLE_USER'.

note:
With the in-memory user service, everything works OK with the following config:

    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <user-service>
                <user name="sb" password="sb" authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>

assumption:
dataSource is injected into org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl.
Since Hibernate ORM is used, perhaps something other than JdbcDaoImpl should be used?

  • In what sense does it not work? Commented Dec 7, 2011 at 13:35
  • jtoberon, I've updated my post. See the "Step to reproduce" section, please. Commented Dec 7, 2011 at 13:36
  • What's an AuthenticationService? Commented Dec 7, 2011 at 14:10
  • AuthenticationService is just a simple interface with a login() method. About the exception, you're right, I'll investigate this. Commented Dec 7, 2011 at 14:11

1 Answer

Check if you're getting an Exception in your empty catch block (which always is a bad idea).

4 Comments

jtoberon, thank you for the hint, I've got: PreparedStatementCallback; bad SQL grammar [select username,password,enabled from users where username = ?]
continue: org.springframework.jdbc.BadSqlGrammarException: PreparedStatementCallback; bad SQL grammar [select username,password,enabled from users where username = ?]; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'enabled' in 'field list'. Looks like I should provide one more field, called enabled, but why? I created the users table according to the Spring docs.
Oh, I'm wrong, there was such a field, called enabled: static.springsource.org/spring-security/site/docs/3.0.x/…
no prob -- it's often the easy stuff that wastes the most time!
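
An added example, not part of the original thread or the asker's code: a variant of the question's login() that still returns a generic false to the caller but logs why authentication failed, separating a backend fault (such as the BadSqlGrammarException reported in the comments above) from rejected credentials. The class name LoggingAuthenticationService and the sanitize helper are hypothetical, and commons-logging is assumed to be on the classpath.

```java
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical class for illustration; mirrors the login() contract from the question.
public class LoggingAuthenticationService {

    private static final Log log = LogFactory.getLog(LoggingAuthenticationService.class);

    private final AuthenticationManager authenticationManager;

    public LoggingAuthenticationService(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    public boolean login(String username, String password) {
        try {
            Authentication result = authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(username, password));
            if (result.isAuthenticated()) {
                SecurityContextHolder.getContext().setAuthentication(result);
                return true;
            }
        } catch (AuthenticationServiceException e) {
            // Backend fault, not a wrong password: e.g. a data-access error from the
            // user details service. Log with the stack trace so the nested cause is visible.
            log.error("Authentication backend failure", e);
        } catch (AuthenticationException e) {
            // Rejected login: record who and which exception type, never the password.
            log.warn("Login rejected for user '" + sanitize(username) + "': "
                    + e.getClass().getSimpleName());
        }
        // The caller sees the same generic result for every failure kind.
        return false;
    }

    // Replace CR/LF so a submitted username cannot forge extra log lines.
    static String sanitize(String value) {
        return value == null ? "" : value.replaceAll("[\\r\\n]", "_");
    }
}
```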
