I am trying to create my own filter for authentication, since I am forced to use a combination of AD and a local database (arg!) to determine access rights. I am using the official docs; for this particular problem, mostly this part.
However, when I start my server, it complains that the AuthenticationManager is null, while I believe that I set it in the XML, as covered in this SO question. What am I missing here?
An exception:
    SEVERE: Context initialization failed
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myUsernamePasswordAuthenticationFilter' defined in file [*snip*]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: authenticationManager must be specified
    ...
    Caused by: java.lang.IllegalArgumentException: authenticationManager must be specified
        at org.springframework.util.Assert.notNull(Assert.java:112)
XML: (with some simplified class names)
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:context="http://www.springframework.org/schema/context"
           xmlns:sec="http://www.springframework.org/schema/security"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                               http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
                               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

        <context:property-placeholder location="classpath*:META-INF/spring/*.properties" />
        <context:spring-configured />
        <context:component-scan base-package="myapp" />

        <sec:http auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint" access-denied-page="/denied.jsp">
            <sec:custom-filter position="FORM_LOGIN_FILTER" ref="myAuthenticationFilter" />
            <sec:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
            <sec:intercept-url pattern="/404.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
            <sec:intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
            <sec:intercept-url pattern="/**" access="ROLE_USER" />
            <sec:logout logout-url="/logout" logout-success-url="/login" />
        </sec:http>

        <sec:authentication-manager alias="authenticationManager">
            <sec:authentication-provider ref="myAuthenticationProvider" />
        </sec:authentication-manager>

        <bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
            <property name="loginFormUrl" value="/login" />
        </bean>

        <bean id="myAuthenticationFilter" class="myapp.MyUsernamePasswordAuthenticationFilter">
            <property name="authenticationManager" ref="authenticationManager" />
        </bean>

        <bean id="myAuthenticationProvider" class="myapp.MyAuthenticationProvider" />
    </beans>
Filter:
    @Component
    public class MyUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

        // Constructor name matches the (simplified) class name
        public MyUsernamePasswordAuthenticationFilter() {
            super("/login");
        }

        @Override
        public Authentication attemptAuthentication(final HttpServletRequest request, final HttpServletResponse response)
                throws AuthenticationException {
            // ...
        }
    }
Authentication Provider:
    @Component
    public class MyAuthenticationProvider implements AuthenticationProvider {

        @Override
        public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
            // ...
        }
    }
I am running Java 6 and the latest versions of Spring Security (3.1.4.RELEASE) and Spring (3.2.3.RELEASE) on a Tomcat v6 server. Different versions of Spring are not a problem (related SO question). And if this is a problem, you need to run Spring 3.1.4 if you want to use Spring Security - it's just meh ...
Some additional things I tried to no avail:
- I tried using <sec:authentication-manager /> in favor of a regular bean, as mentioned here (bottom answer).
- I tried adding bean id, names, identifiers-manager-ref in all combinations.