I am new to spring and spring security,
I have understood how beans are created and referenced in the xml files,
I need to provide security using spring into my application.
I included a custom applicationContext-security.xml file in my web.xml : contextConfigLocation
in this file, I have intercepted url patterns using
<intercept-url pattern='/**.something' access="IS_AUTHENTICATED_FULLY"/>
inside element.
I have set the form for login as
now, if a page is not authorised it shows me my custom Login.html page.
Now for the issues I am facing:
- How do I specify my login form to pass its value to spring ?
- How do I use my own authentication-provider ?
I tried this:
<authentication-provider user-service-ref="userDetailsService"/>
<beans:bean id = "userDetailsService" class ="com.somepath.CustomAuthenticationProvider">
<custom-authentication-provider/>
</beans:bean>
where CustomAuthenticationProvider implements AuthenticationProvider
but the code throws an error:
Error creating bean with name '_filterChainProxy' …. No UserDetailsService registered
Please help
Best Answer
1: How do I specify my login form to pass its value to spring ?
After you setup your standard Spring Filter in web.xml for Spring Security, using some of the default settings configured by the
<http>
tag. An instance ofAuthenticationProcessingFilter
is created for you as part of the chain of filters.My default the
AuthenticationProcessingFilter
is set up to read j_username and j_password as the username / password token.In order to override this, replace your customize AuthenticationProcessingFilter over the default one by doing this:
See also the JavaDoc of AuthenticationProcessingFilter for more details: http://static.springsource.org/spring-security/site/apidocs/org/springframework/security/ui/webapp/AuthenticationProcessingFilter.html
2: How do I use my own authentication-provider?
Using the following code:
<security:custom-authentication-provider />
is the tag that let's spring knows this is a custom provider and the Authentication Manager should use it in its provider chain.Source: http://static.springsource.org/spring-security/site/docs/2.0.x/reference/appendix-namespace.html#d4e3379
3: Regarding the issue with the code throwing '_filterChainProxy' .... No UserDetailsService registered...'
Is
com.somepath.CustomAuthenticationProvider
implementing the UserDetailService interface?