All geek questions in one place

Spring boot, Spring Security Override UserDetailsService

Work with the transition from spring xml security configuration to Java configuration in spring Security.

In my SecurityConfiguration class, which extends WebSecurityConfigurerAdapter. However, the problem is that userDetailsService is not used by security filters, namely UserPasswordAuthenticationFilter. I looked at the launch, and it seems that it was not created before spring boots creates the default InMemoryUserDetailsManager.

@Configuration @EnableWebMvcSecurity @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) public class SecurityConfiguration extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.userDetailsService(userDetailsService); } }

I also tried to override userDetailsServiceBean and userDetailsService in this class using a specially created ApplicationUserDetailsService application.

 @Bean(name="myUserDetailsBean") @Override public UserDetailsService userDetailsServiceBean() { return userDetailsService; } @Override public UserDetailsService userDetailsService() { return userDetailsService; }

However, when I try to override authenticationManagerBean, it looks like it calls my configuration before initializing the initial spring configuration, but it throws an error (below) that there is a circular reference when initializing UserPasswordAuthenticationFilter. I really need to override authenticationManagerBean because I need to determine what is included in the UsernamePasswordAuthenticationFilter.

 @Bean(name="myAuthenticationManager") @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); }

..

 Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter]: Circular reference involving containing bean 'securityBeansConfiguration' - consider declaring the factory method as static for independence from its containing instance. Factory method 'usernamePasswordAuthenticationFilter' threw exception; nested exception is java.lang.IllegalArgumentException: successHandler cannot be null at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE] at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE] ... 70 common frames omitted

Ideas?

+6
source share
1 answer

Hi, there is an easy way to override UserDetailsService

 import com.dog.care.domain.User; import com.dog.care.repository.UserRepository; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Component; import org.springframework.transaction.annotation.Transactional; import javax.inject.Inject; import java.util.Optional; @Component("userDetailsService") public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService { private final Logger log = LoggerFactory.getLogger(UserDetailsService.class); @Inject private UserRepository userRepository; @Override @Transactional public UserDetails loadUserByUsername(final String login) { log.debug("Authenticating {}", login); String lowercaseLogin = login.toLowerCase(); Optional<User> userFromDatabase = userRepository.findOneByLogin(lowercaseLogin); return userFromDatabase.map(user -> { if (!user.getActivated()) { throw new UserNotActivatedException("User " + lowercaseLogin + " was not activated"); } return new CustomUserDetails(user); }).orElseThrow(() -> new UsernameNotFoundException("User " + lowercaseLogin + " was not found in the database")); } }

This is important: @Component ("userDetailsService")

Thanks Alexandar

0
source

Source: https://habr.com/ru/post/982124/

More articles:


All Articles