Spring Security Java Configuration - Dummy UserDetailsService not authenticating

Question

I am trying to test my custom login form by implementing a dummy authentication service. The login form is correctly passing the username to the service, but the authentication fails.

SecurityConfig.java:

package com.acme.security.config;

import javax.annotation.Resource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
      auth.inMemoryAuthentication().withUser("user").password("123456").roles("USER");
      auth.inMemoryAuthentication().withUser("admin").password("123456").roles("ADMIN");
      auth.inMemoryAuthentication().withUser("dba").password("123456").roles("DBA");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

      http.authorizeRequests()
        .antMatchers("/admin/**").hasRole("ADMIN")
        .antMatchers("/resources/**").permitAll()
        .and().formLogin().loginPage("/Login").permitAll()
        .failureUrl("/Login?error")
        .usernameParameter("username").passwordParameter("password")        
        .and().logout().logoutSuccessUrl("/login?logout")
        .and().csrf()
        .and().requiresChannel()
        .antMatchers("/login/**").requiresSecure()
        .anyRequest().requiresInsecure();
    }

    @Resource(name="authService")
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }
}

TestUserDetailsService:

package com.acme.testing;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import com.acme.controller.HomeController;

@Service("authService")
public class TestUserDetailsService implements UserDetailsService {
    private static final Logger logger = LoggerFactory.getLogger(HomeController.class);
    @Override
    public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException {
    logger.info(username);
    if(username == "user") return new TestUserDetails();
    else throw new UsernameNotFoundException("Username not found!");
    }
}

TestUserDetails:

package com.acme.testing;

import java.util.ArrayList;
import java.util.Collection;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

public class TestUserDetails implements UserDetails {
    private static final long serialVersionUID = 1L;

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
    ArrayList<TestGrantedAuthority> auths = new ArrayList<TestGrantedAuthority>();
    TestGrantedAuthority a = new TestGrantedAuthority();
    auths.add(a);
    return auths;
    }

    @Override
    public String getPassword() {
    return "password";
    }

    @Override
    public String getUsername() {
    return "user";
    }

    @Override
    public boolean isAccountNonExpired() {
    return true;
    }

    @Override
    public boolean isAccountNonLocked() {
    return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
    return true;
    }

    @Override
    public boolean isEnabled() {
    return true;
    }
}

TestGrantedAuthority:

package com.acme.testing;

import org.springframework.security.core.GrantedAuthority;

public class TestGrantedAuthority implements GrantedAuthority {
    private static final long serialVersionUID = 1L;

    @Override
    public String getAuthority() {
    return "ROLE_USER";
    }
}

When after submitting "user" and "password", the logger outputs "user" and the page is redirected to /Login?error. My understanding of this is not great, so I'm not sure why this is happening.

score 1 · Accepted Answer · edited May 23 '17 at 12:29

1

You should use .equals("user") instead of == in your 'TestUserDetailsService'. Read this for the reason why.

Does your application throw a UsernameNotFoundException?

For better debugging and understanding of what's happening and why the authentication is failing, you could configure logging for Spring Security on DEBUG lvl.

edited May 23 '17 at 12:29

Community

1
1

answered Jul 14 '14 at 06:52

anoppe

26
3

I can't believe I made that mistake, but thank you, it works as expected now! – austior Jul 15 '14 at 14:43

Spring Security Java Configuration - Dummy UserDetailsService not authenticating

1 Answers1