Hi,
i followed the Spring Security relogin thread http://forums.smartclient.com/showthread.php?t=9633
this is a great sample that meets almost all my needs. The original sample uses In-Memory authentication, it works well. After then i tried to enable DAO authentication in our project, i got Transport error - HTTP code: 500 for URL: /BuiltInDS/j_spring_security_check error when i click on the Login button of the LoginWindow.
Here's what i modified based on the original code:
in the applicationContext-security.xml i used a customized UserDetailService to perform the authentication
And then i override the loadUserByUsername function of the UserDetailsService:
Before putting these changes to my SmartGwt project, i tried it in a simple web application with only 2 JSP pages, it worked, but got problem now.
After a bit of research and looking at the server logs, the method loadUserByUsername gets called, but it looks like that no response has been returned to the client side (or null DSResponse?), did i miss anything? is this the proper way of doing the authentication using Spring Security?
Thanks!
i followed the Spring Security relogin thread http://forums.smartclient.com/showthread.php?t=9633
this is a great sample that meets almost all my needs. The original sample uses In-Memory authentication, it works well. After then i tried to enable DAO authentication in our project, i got Transport error - HTTP code: 500 for URL: /BuiltInDS/j_spring_security_check error when i click on the Login button of the LoginWindow.
Here's what i modified based on the original code:
in the applicationContext-security.xml i used a customized UserDetailService to perform the authentication
Code:
<security:authentication-manager alias="authenticationManager">
<!--<security:authentication-provider>
<security:user-service>
<security:user name="test" authorities="ROLE_USER" password="test"/>
</security:user-service>
</security:authentication-provider>-->
<authentication-provider user-service-ref = "userDetailsService">
<password-encoder hash="md5"/>
</authentication-provider>
</security:authentication-manager>
<beans:bean id = "userDetailsService" class = "com.smartgwt.sample.server.service.MyUserService" />
Code:
public class MyUserService implements UserDetailsService{
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
try{
/** retrieve user using iBatis + Spring **/
TransactUserExample exa = new TransactUserExample();
exa.createCriteria().andUsernameEqualTo(username);
List<TransactUser> users = TransactInitServlet.getUserDAO().selectByExample(exa);
if(users.size() == 1) {
TransactUser u = users.get(0);
GrantedAuthorityImpl auth = new GrantedAuthorityImpl(u.getRole());
User user = new User(u.getUsername(),
u.getPassword(), true, true, true, true, getAuthorities(u.getRole()));
return user;
}
} catch(Exception ex) {
ex.printStackTrace();
}
return null;
}
private GrantedAuthority[] getAuthorities(String role) {
List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(2);
authList.add(new GrantedAuthorityImpl(role));
return authList.toArray(new GrantedAuthority[] {});
}
}
After a bit of research and looking at the server logs, the method loadUserByUsername gets called, but it looks like that no response has been returned to the client side (or null DSResponse?), did i miss anything? is this the proper way of doing the authentication using Spring Security?
Thanks!
Comment