Closed marceloverdijk closed 11 years ago
The mappings for many of the XML namespace configurations are demonstrated in tests which was mentioned in the README. I have since made this more obvious by making the XML Namespace a heading. Unfortunately while there was support for it there was no sample (as you pointed out) for password-encoder@ref
. I have since added PasswordEncoderTests.groovy that demonstrates how to use it.
Please verify this resolves your issue.
Hi Rob,
I tried this below configuration:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpConfiguration http) throws Exception {
http
.authorizeUrls()
.antMatchers...
.and()
.formLogin()...
.and()
.logout()...
.and()
.rememberMe();
}
@Override
public void configure(WebSecurityBuilder builder) throws Exception {
builder
.ignoring()
.antMatchers...;
}
@Bean
public AuthenticationManager authenticationManager() throws Exception {
BCryptPasswordEncoder encoder = passwordEncoder();
return new AuthenticationManagerBuilder()
.inMemoryAuthentication()
.withUser("user").password(encoder.encode("password")).roles("USER")
.and()
.passwordEncoder(encoder)
.and()
.build();
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
but it gives me:
[INFO] org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class org.springframework.security.config.annotation.web.WebSecurityConfiguration: Instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public org.springframework.security.web.FilterChainProxy org.springframework.security.config.annotation.web.WebSecurityConfiguration.springSecurityFilterChain() throws java.lang.Exception] threw exception; nested exception is java.lang.IllegalArgumentException: UserDetailsService cannot be null
Note: I'm using Spring 3.2.3 and Spring Security 3.1.4 so I should not worry about SPR-10546.
Since you are not using the registerAuthentication, the UserDetailsService is not defaulted for rememberMe(). Try using the following instead:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpConfiguration http) throws Exception {
http
.authorizeUrls()
.antMatchers...
.and()
.formLogin()...
.and()
.logout()...
.and()
.rememberMe();
}
@Override
public void configure(WebSecurityBuilder builder) throws Exception {
builder
.ignoring()
.antMatchers...;
}
@Override
protected void registerAuthentication(AuthenticationRegistry registry) throws Exception {
BCryptPasswordEncoder encoder = passwordEncoder();
registry
.inMemoryAuthentication()
.passwordEncoder(encoder)
.withUser("user").password(encoder.encode("password")).roles("USER")
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
Alternatively provide a UserDetailsService to the rememberMe() method explicitly using rememberMe().userDetailsService. I'm still working on complete test coverage and error messages, but I created #114 to ensure that this gets a better error message prior to being released.
OK, I tried with the registerAuthentication as I was having that one anyway.
But neither AuthenticationRegistry or UserDetailsManagerRegistry has a passwordEncoder
method to set the encoder (in current master branch).
Thanks for pointing this out. I suppose that is what I get for using Groovy for the tests (it automatically handled the fact that AuthenticationRegistry is an AuthenticationBuilder and invoked the method). I will fix this issue.
Great to hear, I will try again as soon as it is fixed.
I pushed out a fix for this. The javaconfig for the test was also moved to be .java to prevent such issues again. Please try with the updates and let me know if this resolves your issue.
Thanks!, just verified the fix and I can add the password encoder like:
@Override
protected void registerAuthentication(AuthenticationRegistry registry) throws Exception {
registry
.inMemoryAuthentication()
.passwordEncoder(passwordEncoder())
.withUser("username").password("password").roles("USER");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
Thanks for following up :)
ps: don't let @glaforge hear you removed that Groovy test :-)
@marceloverdijk Haha...he will be glad to see the test stayed in Groovy. I only changed the config to Java since that was the only piece of code hiding this issue.
I have this snippet of code:
I don't see a way to connect the in memory authentication with the password encoder.
In xml this would be:
as from the Spring Security tutorial: http://static.springsource.org/spring-security/site/tutorial.html