search

itzg / spring-security-spa

Provides Spring Security filters and supporting classes that streamline the use of authentication and registration within Single Page web Applications
Apache License 2.0
1 stars 0 forks source link

UserDetailsService support missing #1

Open arnonuem opened 5 years ago

arnonuem commented 5 years ago

Instead of an InMemoryUserDetailsManager i am using a UserDetailsService implementation since i have some extravagant logic besides just tapping into a database.

This is the error i get:

***************************
APPLICATION FAILED TO START
***************************

Description:

Method springSecurityFilterChain in org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration required a bean of type 'org.springframework.security.provisioning.UserDetailsManager' that could not be found.
    - Bean method 'inMemoryUserDetailsManager' not loaded because @ConditionalOnMissingBean (types: org.springframework.security.authentication.AuthenticationManager,org.springframework.security.authentication.AuthenticationProvider,org.springframework.security.core.userdetails.UserDetailsService; SearchStrategy: all) found beans of type 'org.springframework.security.core.userdetails.UserDetailsService' myUserDetailsService and found beans of type 'org.springframework.security.authentication.AuthenticationProvider' authenticationProvider

Action:

Consider revisiting the conditions above or defining a bean of type 'org.springframework.security.provisioning.UserDetailsManager' in your configuration.

Could a solution be that the RegistrationFilter in the SinglePageAppConfigurer also allows a UserDetailsService instead of just a UserDetailsManager?

registrationFilter.setUserDetailsManager(applicationContext.getBean(UserDetailsManager.class));
itzg commented 5 years ago

The registration filter needs a UserDetailsManager (which is an extending interface of UserDetailsService) since that's the interface that provides the mutating operations, specifically

https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/provisioning/UserDetailsManager.html#createUser-org.springframework.security.core.userdetails.UserDetails-

The registration filter is optional if your users are provisioned elsewhere. So, one solution could be to not use that filter and only use the RequestBodyLoginFilter, which delegates to the usual AuthenticationManager which in turn only requires a UserDetailsService.