authenticationUserDetailsService error using Spring Security filter with CAS

StackOverflow https://stackoverflow.com/questions/21587543

Question

I am new to Spring security, I set up a DelegatingFilterProxy Spring security filter in web.xml file. I am trying to setup the spring security filter with CAS authentication when there are no restricted pages or directory. Each webpage has two sections protected(loggedin can see it) and unprotected(anonymous) and also there is a login link(to CAS remote server) at the top of page. I am getting SEVERE: Error listenerStart caused by An authenticationUserDetailsService must be set Error

I am using Spring 3.0 mvc+(Tomcat6+apache2.2+jk_module) web application which worked fine before implementing Spring security+CAS
Thanks, MK

Errors

    org.apache.catalina.core.StandardContext listenerStart
            SEVERE: Exception sending context initialized event
         to listener instance of class org.springframework.web.context.ContextLoaderListener
            org.springframework.beans.factory.BeanCreationException:
         Error creating bean with name 'casFilter' defined in ServletContext resource [/WEB-INF/service-context.xml]: 
    Cannot resolve reference to bean 'authManager' while setting bean property 'authenticationManager';
         nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name
 'org.springframework.security.authenticationManager': Cannot resolve reference to bean 'casAuthProvider' while setting bean property 'providers'
 with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException:
 Error creating bean with name 'casAuthProvider' defined in ServletContext resource [/WEB-INF/service-context.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: An authenticationUserDetailsService must be set

The web.xml:

  <?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" 
 xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
    /WEB-INF/service-context.xml
    /WEB-INF/security-context.xml
    </param-value>
    </context-param>  

  <listener>
    <listener-class>
      org.springframework.web.context.ContextLoaderListener
    </listener-class>
  </listener>  

   <!-- Spring Security filter Configuration --> 
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>    
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

  <servlet>
        <servlet-name>dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/dispatcher-servlet.xml</param-value>
        </init-param>
      <load-on-startup>1</load-on-startup>
</servlet>

security-context.xml

     <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:beans="http://www.springframework.org/schema/beans"
       xsi:schemaLocation="
       http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.0.xsd">

     <http entry-point-ref="casEntryPoint" use-expressions="true">
         <intercept-url pattern="/" access="permitAll"/>
          <custom-filter ref="casFilter" position="CAS_FILTER" />
         <logout logout-success-url="https://remote-cas.com/cas/logout"/>
     </http>   

    <authentication-manager alias="authManager">
        <authentication-provider ref="casAuthProvider" />
    </authentication-manager>    

</beans:beans>

and small part of serivce-context.xml

    <?xml version="1.0" encoding="UTF-8"?>
   <beans xmlns="http://www.springframework.org/schema/beans"      
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jee="http://www.springframework.org/schema/jee"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd    http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.0.xsd">

 <!-- for security CAS -->
    <bean id="serviceProperties"  lass="org.springframework.security.cas.ServiceProperties">
          <property name="service"   value="http://localhost/myapp/index.jsp"/>
          <property name="sendRenew" value="false"/>
       </bean> 

 <bean id="casEntryPoint"    class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
  <property name="loginUrl" value="https://remote-cas.com/cas/login"/>
  <property name="serviceProperties" ref="serviceProperties"/>
</bean> 

    <bean id="casFilter"      class="org.springframework.security.cas.web.CasAuthenticationFilter">
      <property name="authenticationManager" ref="authManager"/>
     <property name="authenticationSuccessHandler">
       <bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler" />
    </property>
    </bean>

    <bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="ticketValidator" ref="ticketValidator"/>
    <property name="serviceProperties" ref="serviceProperties"/>
     </bean>

    <bean id="ticketValidator" class="org.jasig.cas.client.validation.Saml11TicketValidator">
    <constructor-arg value="https://localhost/myapp/index.jsp" />
    <property name="encoding" value="utf8" />
   </bean>
Was it helpful?

Solution

The error message pretty much nails it. Your CasAuthenticationProvider is missing a reference to another bean which gives it access to the user information for your application:

<bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="ticketValidator" ref="ticketValidator"/>
    <property name="serviceProperties" ref="serviceProperties"/>
    <!-- You are missing this -->
    <property name="authenticationUserDetailsService">
        <bean
            class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <constructor-arg ref="userService" />
        </bean>
    </property>
</bean>

where userService is a UserDetailsService instance. See the CAS Sample application for a working example.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top