jdbc spring security, apache commons dbcp

Question

In a Spring Security, I defined a jdbc auth manager:

<security:authentication-manager>
    <security:authentication-provider>
        <security:jdbc-user-service data-source-ref="securityDataSource"/>
    </security:authentication-provider>
</security:authentication-manager>

<bean id="securityDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
    <property name="driverClassName" value="org.postgresql.Driver"/>
    <property name="url" value="jdbc:postgresql://127.0.0.1:5432/mydb"/>
    ... user and password props ...
</bean>

At this point I've discovered that I need Jakarta Commons DBCP. I've added commons-dbcp-1.4, i get the following exception:

...java.lang.NoClassDefFoundError: org/apache/commons/pool/KeyedObjectPoolFactory

This path actually isn't included in commons dbcp 1.4.
What am I missing again?

EDITED
Ok, added the dependency to common pool, it works because with the right credentials I no more get the "bad credentials" page. But I get an HTTP Status 403 - Access is denied.
Seems like my user is authenticated , but isn't authorized.
Any idea...? :-)

My http element is:

<security:http auto-config="true" >
    <security:intercept-url pattern="/**" access="ROLE_USER"/>
</security:http>

and I have a "test" user that is bind to the "USER" role in the "authorities" table.

thanks

I would suggest stepping through the source (via debug), specifically the JdbcDaoImpl class and see where it takes you and what is generating the 403 (it's in one of the Filters, but I cannot remember which off the top of my head). — El Guapo, Jun 28 '11 at 16:58

El Guapo · Accepted Answer · 2011-06-28T15:54:08.057

9

Commons DBCP relies on the Commons Pools libraries, because of this, you actually need to download the commons-pool jar files, and include them in your path.

Commons Pool Downloads

You may also need to download the commons-collections package, too.

edited Jun 28 '11 at 15:54

answered Jun 28 '11 at 15:46

El Guapo

5,581
7
54
82

OK. Is there a way to debug what happens on db? the query that are issued to the db? – AgostinoX Jun 28 '11 at 16:00
I'm not 100% familiar with Postgres, however, I'm sure they have some sort of logging that you should be able to turn on. From your side you can get the source of Commons DBCP and see what's sent across by using Eclipse or Netbeans or the like. But, it probably wont have the complete statement (mostly likely a prepared statement that Spring Security generates and an object that contains all the param values). – El Guapo Jun 28 '11 at 16:07
I've EDITED the question, i've a little further prolbem :-) – AgostinoX Jun 28 '11 at 16:45

score 2 · Answer 2 · answered Jun 28 '11 at 15:53

The jar file commons-dbcp-1.4 does not contain the class org.apache.commons.pool.keyedobjectpoolfactory
You need to add another jar to your project classpath - commons-pool-1.4.
You can download commons-pool-1.4 from here http://commons.apache.org/pool/download_pool.cgi

Owen · Answer 3 · 2011-06-28T18:54:20.437

2

Try changing your test user's authority to ROLE_USER.

edited Jun 28 '11 at 18:54

answered Jun 28 '11 at 18:14

Owen

22,247
13
42
47

Ok, using ROLE_USER works fine. I misunderstood the reference that talks of ROLE_ as it was a sort of "keyword". Now I'm going back to the reference to utry nderstand what are all those strange "ROLE_" discussions about. – AgostinoX Jun 29 '11 at 12:49

score 1 · Answer 4 · answered Jun 28 '11 at 15:52

1

Don't forget you'll also need the Postgre JDBC drivers, just in case you hadn't included those already.

answered Jun 28 '11 at 15:52

Drizzt321

993
13
27

"commons" are use throughout the spring reference; but sometimes it's said that in production you should use jndi. Is it just an advice or something stronger? – AgostinoX Jun 28 '11 at 16:11

jdbc spring security, apache commons dbcp

4 Answers4

Linked