Login/Register
Impersonate java.lang.IllegalStateException: UserDetailsService is required
Asked Answered
javaspring-securitysamlimpersonationspring-saml
E

1

12

I am trying to implement the impersonate using SwitchUserFilter in Spring but I'm getting an error. The project runs good without this implementation. Also the project is using Java annotations not xml configuration and has SecureAuth authentication. And the parts involved in the code into the SecurityConfig class is:

@Configuration
@ComponentScan(basePackages = {"com.project.*"})
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
@PropertySource("classpath:app.properties")
@Import({TransactionManagersConfig.class, MailConfig.class})
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Autowired
  private SwitchUserFilter switchUserFilter;

  @Autowired
  protected AuthenticationSuccessHandler authenticationSuccessHandler;

  @Bean
  public UserDetailsService userDetailsServiceBean() {
    try {
        return super.userDetailsServiceBean();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
  }

  @Bean
  public SwitchUserFilter switchUserFilter() {
    SwitchUserFilter switchUserFilter = new SwitchUserFilter();
    switchUserFilter.setUserDetailsService(userDetailsServiceBean());
    switchUserFilter.setUsernameParameter("username");
    switchUserFilter.setSwitchUserUrl("/switch");
    switchUserFilter.setExitUserUrl("/exit");
    switchUserFilter.setTargetUrl("/");

    return switchUserFilter;
  }

  //more beans

  @Override
  protected void configure(HttpSecurity http) throws Exception {
        http
                .headers().disable();
        http    //SAML CONFIG
                .httpBasic()
                .authenticationEntryPoint(samlEntryPoint()).and()
                .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
                .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);
        http    //DISABLE CROSS-SITE REQUEST FORGERY
                .csrf()
                .disable();
                //Impersonate Interceptor
        http
                .addFilterAfter(switchUserFilter(), FilterSecurityInterceptor.class);
        http
                .authorizeRequests()
                .antMatchers("/impersonate").permitAll()
                .antMatchers("/api/**").permitAll()
                .antMatchers("/#/**").permitAll()
                .antMatchers("/switch").permitAll()
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().loginPage("/index")
                .permitAll().successHandler(authenticationSuccessHandler);
        http
                .logout().logoutSuccessUrl(env.getProperty("realm.url.restart"));
        http
                .exceptionHandling().accessDeniedPage("/error?code=403&error=Access Denied&detail=You are not authorized to access.");

     }    

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
       return super.authenticationManagerBean();
    }    

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .authenticationProvider(samlAuthenticationProvider());
    }

    @Override
    public void configure(WebSecurity webSecutity) throws Exception {
        webSecutity
                .ignoring().antMatchers("/resources/**");
    }
}

Error:

java.lang.IllegalStateException: UserDetailsService is required.
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator.loadUserByUsername(WebSecurityConfigurerAdapter.java:393)
    at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.attemptSwitchUser(SwitchUserFilter.java:209)
    at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:155)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at

My url stops on:

http://localhost:8080/switch?j_username=angel_cuenca

If you need more part of the code, pleasure to share.

Ehrlich answered 20/4, 2017 at 21:31 Comment(4)
@dur yes when I debug and evaluate super.userDetailsServiceBean() contains null in the field delegateEhrlich
You didn't configure a UserDetailsService, so it is null. You have to configure one.Commove
Sorry, I have no experience with Spring Security SAML, so I don't know how to configure the UserDetailsService. Maybe this link helps.Commove
The problem is, that SAML uses his own interface SAMLUserDetailsService which is not compatible to Spring Security's UserDetailsService. So you have no Spring Security UserDetailsService. Maybe the only way is to implement your own UserDetailsService to use with SwitchFilter.Commove
Z
-1

Can you try to set the userDetailsService implementation to the configuration, like in this ?

I don't see in your configuration:

auth.userDetailsService(userService);
Zumstein answered 29/4, 2017 at 18:24 Comment(6)
Still not working. When I add auth.userDetailsService(userService); to the configure(AuthenticationManagerBuilder auth) give to me another error switch java.lang.StackOverflowError which redirect me to this question (#30766606) and the solution for this error was removed userDetailService recently added. So I don't know..Ehrlich
Sure. You can see here, this is my current code (github.com/angelcuenca/stackoverflow/blob/master/…) line 528. You do can see what's the problem ?Ehrlich
I think the issue is the same with the link you provide. I declare my UserDetailsService implementation in another class which implement the loadUserByUsername method.Zumstein
Here. Hope this help.Zumstein
Not find the solution yet. And what was result for the implementation in another class ?Ehrlich
Actually I'm not reading about the SwitchUserFilter, sorry. But here I check you need to provide value for the user, the same like if it don't use SwitchUserFilter. I don't see your userDetailsService load the value? CMIIW.Zumstein

© 2022 - 2024 — McMap. All rights reserved.