I am trying to secure my Spring Boot application. Everything works OK with in-memory authentication:
    auth.inMemoryAuthentication()
        .withUser("new")
        .password("asd")
        .roles("USER");
But I need database authentication, so in my User class I implemented UserDetails and created a service like this to load the user:
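    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.stereotype.Service;

    @Service
    public class UserDetailsServiceImpl implements UserDetailsService {

        @Autowired
        UserRepository userRepository;

        // Looks the user up by login; the User entity itself implements UserDetails.
        @Override
        public UserDetails loadUserByUsername(String username)
                throws UsernameNotFoundException {
            User user = userRepository.findByLogin(username);
            if (user == null) {
                throw new UsernameNotFoundException("User not found");
            }
            return user;
        }
    }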
When configuring the application I replaced the in-memory authentication with this:
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setUserDetailsService(userDetailsService);
        auth.authenticationProvider(daoAuthenticationProvider);
    }
The HttpSecurity is:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            .authorizeRequests()
                .antMatchers("/**")
                .hasRole("USER")
                .and()
            .httpBasic();
        // @formatter:on
    }
After this configuration I can't get the application's content because Spring throws error 403: forbidden access.
On the console I get:
    2015-04-01 20:59:51.515 DEBUG 5476 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/error]
    2015-04-01 20:59:51.516 DEBUG 5476 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /error
    2015-04-01 20:59:51.517 DEBUG 5476 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public org.springframework.http.ResponseEntity> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)]
    2015-04-01 20:59:51.517 DEBUG 5476 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/error] is: -1
It looks like Spring does not find my @RequestMapping after the security configuration.
Any suggestion?
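
Added example, not the poster's code: the post does not show its User class, so this is a hypothetical User entity (the field names and the roleNames list are assumptions) showing the authority names that hasRole("USER") from the HttpSecurity configuration above expects. The in-memory roles("USER") call adds the ROLE_ prefix itself; a custom UserDetails has to return the prefixed name from getAuthorities().

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical entity: field names and the roleNames list are assumptions,
// the post does not show its own User class.
public class User implements UserDetails {
    private static final long serialVersionUID = 1L;

    private final String login;
    private final String password;
    private final List<String> roleNames; // stored without prefix, e.g. "USER"

    public User(String login, String password, List<String> roleNames) {
        this.login = login;
        this.password = password;
        this.roleNames = new ArrayList<>(roleNames);
    }

    // hasRole("USER") is evaluated as a check for the authority "ROLE_USER".
    // If this method returned plain "USER", the credentials would still be
    // accepted, but every request guarded by hasRole("USER") would get a 403.
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<GrantedAuthority> authorities = new ArrayList<>();
        for (String role : roleNames) {
            String name = role.startsWith("ROLE_") ? role : "ROLE_" + role;
            authorities.add(new SimpleGrantedAuthority(name));
        }
        return authorities;
    }

    @Override public String getUsername() { return login; }
    @Override public String getPassword() { return password; }

    // Always true to keep the example short; a real entity would map these
    // to columns such as a locked or disabled flag.
    @Override public boolean isAccountNonExpired() { return true; }
    @Override public boolean isAccountNonLocked() { return true; }
    @Override public boolean isCredentialsNonExpired() { return true; }
    @Override public boolean isEnabled() { return true; }
}
```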