8

I use java configuration to configure Spring Security, and I have customized AuthenticationProvider and customized UserDetailsService, to add extra login field following http://forum.spring.io/forum/spring-projects/security/95715-extra-login-fields

I have difficulty to add both of the customized Classes into Spring Security framework by using java configuration. As java doc of AuthenticationProvider#authenticationProvider describes:

Add authentication based upon the custom AuthenticationProvider that is passed in. Since the AuthenticationProvider implementation is unknown, all customizations must be done externally and the AuthenticationManagerBuilder is returned immediately.

This method does NOT ensure that the UserDetailsService is available for the getDefaultUserDetailsService() method.

So my question is what is the approach to set UserDetailsService in this case?

Ritesh
  • 7,472
  • 2
  • 39
  • 43
wgui
  • 83
  • 1
  • 1
  • 4

1 Answers1

7

Here is an example of customized AuthenticationProvider and customized UserDetailsService: 

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(customAuthenticationProvider());
    }

    @Bean
    AuthenticationProvider customAuthenticationProvider() {
        CustomAuthenticationProvider impl = new CustomAuthenticationProvider();
        impl.setUserDetailsService(customUserDetailsService());
        /* other properties etc */
        return impl ;
    }

    @Bean   
    UserDetailsService customUserDetailsService() {
        /* custom UserDetailsService code here */
    }
}
Crunch
  • 500
  • 3
  • 9
Ritesh
  • 7,472
  • 2
  • 39
  • 43
  • I notice that you initialize your `customAuthenticationProvider` and `customUserDetailsService` manually, is it not better to `@Autowired` them directly? –  May 05 '15 at 08:15
  • `@Autowired` is used in `@Configuration` class when you are wiring outside beans. In this code, `customAuthenticationProvider` and `customUserDetailsService` beans are declared in the same class and so there is no use case for `@Autowired`. Also note that `AuthenticationManagerBuilder` is declared somewhere else and so it is ok to use `@Autowired`. – Ritesh May 05 '15 at 11:08
  • 1
    impl.setUserDetailsService(customUserDetailsService()); // this will not work, - the AuthenticationProvider interface has no setUserDetailsService() method. – user3791111 May 04 '17 at 20:57
  • 1
    Since it is a custom AuthenticationProvider implementation, you can add this method (after all any authentication provider would need a mechanism to load user details). See implementations of `AuthenticationProvider` such as [DaoAuthenticationProvider](https://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/authentication/dao/DaoAuthenticationProvider.html), which has the `setUserDetailsService` method. – Ritesh May 05 '17 at 11:21