All geek questions in one place

Spring Security 3.x: Creating Your Own Authentication Provider Without UserDetailsService

I created my own authentication provider with AbstractUserDetailsAuthenticationProvideran extension that authenticates the user to the database and performs additional authorization checks.

The annoyance I came across is an authentication provider that requires me to connect UserDetailsService. At least for this project I do not need to UserDetailsService, because if I have an authentication provider to pull out the user information for authentication / authorization, I do not see the need for UserDetailsServicethe same user to pull out the information for creating the object UserDetails.

So, right now, I have to connect a dummy UserDetailsServiceto my authentication provider, and it does nothing.

Is it possible to create an authentication provider without UserDetailsService?

+3
source share
2 answers

Looking at the code for AbstractUserDetailsAuthenticationProvider (at least for version 3.0.5), it does not require a UserDetailsService connection. Double-check the XML configuration to make sure that DAOAuthenticationProvider is not used.

You should have such a block

<authentication-manager>
    <authentication-provider ref="yourAuthenticationProvider" />
</authentication-manager>

Also, register the exception you get to see exactly where it is thrown from.

+3
source

, Spring, DaoAuthenticationProvider ( AbstractUserDetailsAuthenticationProvider doAfterPropertiesSet()).

, UserDetailsService, , AbstractUserDetailsAuthenticationProvider.

0

Source: https://habr.com/ru/post/1789593/

More articles:


All Articles