NoSQL
radi0, 2012-03-05 22:35:40

Spring Security, handling exception in UserDetailsService

I'm currently trying to get Spring Security to work with MongoDB. Everything works, except that if the user is not in the database, instead of reporting this, a 500 error (AuthenticationServiceException) is thrown, which I actually throw myself.
If the username and password both match, we go to the default-target-url;
if only the name matches, to the authentication-failure-url.
In all the examples that I looked at, the construction is exactly the same. Tell me where I'm wrong (or how to catch the exception correctly; it seems to me that it should be easier than catching them explicitly?).

(gist for these files)

UserDetailsService override:

@Service
public class MongoUserDetailsService implements UserDetailsService {

  @Override
  public UserDetails loadUserByUsername(String username) throws AuthenticationServiceException {
    MongoOperations mongoOperations = null;
    
    try {
      mongoOperations = new MongoTemplate(new Mongo(), "mydb");
    } catch (UnknownHostException e) {
      e.printStackTrace();
    } catch (MongoException e) {
      e.printStackTrace();
    }
    try {
      
      Query query = new Query(Criteria.where("email").is(username));
      System.out.println("query ready to go");
      Customer customer = mongoOperations.findOne(query, Customer.class);
      System.out.println("query done");
      if (customer == null){
        throw new AuthenticationServiceException("Authentication failed for user " + username);

      }
      boolean enabled = true;
      boolean accountNonExpired = true;
      boolean credentialsNonExpired = true;
      boolean accountNonLocked = true;

      return new User(
          customer.getUsername(), 
          customer.getPassword().toLowerCase(),
          enabled,
          accountNonExpired,
          credentialsNonExpired,
          accountNonLocked,
          getAuthorities(2));

    } catch (Exception e) {
      System.out.println("query failed");
      throw new RuntimeException(e);
    }
  }

  public Collection<? extends GrantedAuthority> getAuthorities(Integer role) {
    List<GrantedAuthority> authList = getGrantedAuthorities(getRoles(role));
    return authList;
  }


  public List<String> getRoles(Integer role) {
    List<String> roles = new ArrayList<String>();

    if (role.intValue() == 1) {
      roles.add("ROLE_USER");
      roles.add("ROLE_ADMIN");

    } else if (role.intValue() == 2) {
      roles.add("ROLE_USER");
    }

    return roles;
  }

  public static List<GrantedAuthority> getGrantedAuthorities(List<String> roles) {
    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    for (String role : roles) {
      // Use the role name from the list instead of a hard-coded "ROLE_USER"
      authorities.add(new GrantedAuthorityImpl(role));
    }
    return authorities;
  }
}


and security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
  <http access-denied-page="/error403.jsp">
    <intercept-url pattern="/index*" access="ROLE_USER,ROLE_ANONYMOUS"/>
    <intercept-url pattern="/add*" access="ROLE_USER"/>
    <intercept-url pattern="/delete/*" access="ROLE_ADMIN"/>
    <form-login login-page="/login.jsp" default-target-url="/index" authentication-failure-url="/login.jsp?error=true"/>
    <logout logout-url="/logout" logout-success-url="/index"/>
    <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
    <remember-me user-service-ref="userDetailsService"/>
</http>
<authentication-manager>
    <authentication-provider user-service-ref="mongoUserDetailsService"/>
</authentication-manager>
<beans:bean id="mongoUserDetailsService" class="com.company.testproj.utils.MongoUserDetailsService"/>
</beans:beans>
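
In the service above, the final `catch (Exception e)` rewraps the not-found exception in a plain `RuntimeException`, which is not an `AuthenticationException`, so it is not handled as a login failure and never reaches `authentication-failure-url`. An added example (not the poster's code) that throws `UsernameNotFoundException` outside any catch-all; the injected `MongoOperations` bean, the nested `Customer` stand-in and the unchanged password value are assumptions:

```java
import java.util.ArrayList;
import java.util.List;
import org.springframework.dao.DataAccessException;
import org.springframework.data.mongodb.core.MongoOperations;
import org.springframework.data.mongodb.core.query.Criteria;
import org.springframework.data.mongodb.core.query.Query;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class MongoUserDetailsService implements UserDetailsService {
  // Assumption: one shared MongoOperations bean is injected, not built per login.
  private final MongoOperations mongoOperations;

  public MongoUserDetailsService(MongoOperations mongoOperations) {
    this.mongoOperations = mongoOperations;
  }

  @Override
  public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    Customer customer;
    try {
      Query query = new Query(Criteria.where("email").is(username));
      customer = mongoOperations.findOne(query, Customer.class);
    } catch (DataAccessException e) {
      // Backend failure: still an AuthenticationException subtype, not a bare RuntimeException.
      throw new AuthenticationServiceException("User lookup failed", e);
    }
    if (customer == null) {
      // Thrown outside the try block, so nothing rewraps it.
      throw new UsernameNotFoundException("No such user");
    }
    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    authorities.add(new GrantedAuthorityImpl("ROLE_USER"));
    // Assumption: the stored password value is compared as-is, so no toLowerCase().
    return new User(customer.getUsername(), customer.getPassword(),
        true, true, true, true, authorities);
  }

  /** Stand-in for the poster's Customer document class (fields assumed). */
  public static class Customer {
    private String username;
    private String password;
    public String getUsername() { return username; }
    public String getPassword() { return password; }
  }
}
```

With constructor injection, the `mongoUserDetailsService` bean definition in security.xml needs a `constructor-arg` that references the `MongoOperations` bean.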
