Spring Security with JDBC Authentication - No AuthenticationProvider found

Question

I'm new to Spring Security, and I'm trying to set up authentication/authorization against a PostgreSQL database. I followed the first 3 chapters here and got in-memory username/password working without problems. After creating the tables required for the schema (here), then setting up a JNDI DataSource in tomcat (here) along with all the beans needed for Spring, login is now failing with this message:

Your login attempt was not successful, try again.

Reason: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken

Here are the beans defined in my servlet-context.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:jee="http://www.springframework.org/schema/jee"
    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd">

    <!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure -->
    <jee:jndi-lookup id="dataSource" jndi-name="jdbc/TyedArtDB"/>

    <!-- Enables the Spring MVC @Controller programming model -->
    <annotation-driven />

    <context:component-scan base-package="com.tyedart.web" />

    <!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
    <resources mapping="/resources/**" location="/resources/" />

    <!-- Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory -->
    <beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <beans:property name="prefix" value="/WEB-INF/views/" />
        <beans:property name="suffix" value=".jsp" />
    </beans:bean>

    <beans:bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
        <beans:property name="dataSource" ref="dataSource"/>
    </beans:bean>

    <beans:bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

    <beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <beans:property name="userDetailsService" ref="userDetailsService"/>
        <beans:property name="passwordEncoder" ref="passwordEncoder"/>
    </beans:bean>

    <beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
        <beans:property name="providers">
            <beans:list>
                <beans:ref bean="daoAuthenticationProvider"/>
            </beans:list>
        </beans:property>
    </beans:bean>

</beans:beans>

And here's my SecurityConfig class:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
//      auth
//          .inMemoryAuthentication()
//              .withUser("rob").password("22").roles("ADMIN");

        InitialContext ctx = new InitialContext();
        DataSource dataSource = (DataSource) ctx.lookup("java:/comp/env/jdbc/TyedArtDB");

        auth
            .jdbcAuthentication()
                .dataSource(dataSource)
                .withDefaultSchema()
                .passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/manage/**").hasRole("ADMIN")
                .and()  
            .formLogin();
    }
}

Any ideas what I'm doing wrong here?

Answer 1

I just configured Security with JDBC. I used the java annotation to configure my app. A couple things that I noted:

.withDefaultSchema()

For me, unexpected. I had a data source configured, however I did not create the default tables. Spring connected to my data source and automatically create the schema. I noticed you created the schema manually. That's what I expected also. The docs seemed to be ambiguous, so I just ran my app without creating the tables. Voila Spring created the database tables for me. Perhaps the schema does not match (see my next section, I founds the docs slightly out of date).

Next, I was adding Spring Security to a small Spring MVC app. The Spring blog contained the correct configuration annotation:

@EnableWebMvcSecurity

Let me know if you want me to post my security config. It's java not xml. Thus, I don't know if it would help.