I am trying to implement a login functionality, from the stored user credentials.
but it gives error as :
org.springframework.security.authentication.BadCredentialsException: Bad credentials",
note:
Password is stored encrypted in database.
Controller code:
#PostMapping("/login")
public ResponseEntity<Map<String, Object>> login(#RequestBody JwtRequest authenticationRequest) throws Exception {
String encodedPassword = this.passwordEncoder.encode( authenticationRequest.getPassword());
String userName = authenticationRequest.getUsername();
try {
authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(
userName,
encodedPassword
)
);
}catch(Exception e){
throw new CustomErrorException(
HttpStatus.INTERNAL_SERVER_ERROR,
"the authentication process has errors : "+e.toString()
);
}
final Employee emp = employeeService.findOne(authenticationRequest.getUsername());
if(emp != null){
System.out.println(" *** the employee ******** "+emp.toString());
}else{
System.out.println(" *** the employee not found ******** ");
}
final CustomeEmployee cEmp = customeEmployeeService.loadUserByUsername(authenticationRequest.getUsername());
final String token = jwtTokenUtil.generateToken(cEmp);
System.out.println("the request cam e along wy step 2");
/** -------------------------- */
ArrayNode authorities = mapper.createArrayNode();
for(GrantedAuthority authority : cEmp.getAuthorities()) {
authorities.add(authority.getAuthority());
}
Map<String, Object> result = getConfiguration(emp, cEmp);
result.put("token", token);
return ResponseEntity.ok(result);
}
Appearantly the process is not passing throug the
authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(
userName,
encodedPassword
)
);
It says the credential errors.
Note: Password and username is 100% correct.
I am working with Spring Boot and Spring Security, but is my first time using Google cloud firebase Firestore, I am connecting to my database via Firebase Admin SDK. I have a configuration class that looks like this.
#Configuration
public class FirestoreUserConfig {
#Bean
public Firestore getDB() {
return FirestoreClient.getFirestore();
}
}
I have BeanCreationException, my stack trace, in summary, looks like this.
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'getDB' defined in class path resource [com/d1gaming/user/firebaseconfig/FirestoreUserConfig.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.google.cloud.firestore.Firestore]: Factory method 'getDB' threw exception; nested exception is java.lang.NoClassDefFoundError: com/google/api/gax/rpc/TransportChannelProvider
Caused by: java.lang.ClassNotFoundException: com.google.api.gax.rpc.TransportChannelProvider
at java.net.URLClassLoader.findClass(URLClassLoader.java:382) ~[na:1.8.0_271]
at java.lang.ClassLoader.loadClass(ClassLoader.java:418) ~[na:1.8.0_271]
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:355) ~[na:1.8.0_271]
at java.lang.ClassLoader.loadClass(ClassLoader.java:351) ~[na:1.8.0_271]
... 105 common frames omitted
The weird thing is I followed Google's documentation on Initializing firebase Admin SDK, I added the corresponding dependencies to my pom.xml file but it does not seem to work anyway. This is my Admin SDK dependency.
<dependency>
<groupId>com.google.firebase</groupId>
<artifactId>firebase-admin</artifactId>
<version>7.0.1</version>
</dependency>
I imagine Maven is not able to find this TransportChannelProvider class, Im not sure. I also tried adding all of gcp core dependencies in case provided Admin SDK dependency didn't have the class but I had the same result. I am also making use of a Service and a RESTController for my back end application, I don't know if it is relevant to include it here but I am going to include it just in case.
#Service
public class UserService {
public final String USERS_COLLECTION = "users";
#Autowired
private PasswordEncoder passwordEncoder;
private Firestore firestore;
//get users collcetion from Firestore.
private CollectionReference getUsersCollection() {
return firestore.collection(this.USERS_COLLECTION);
}
//Post a user onto the user collection. documentID is auto-generated by firestore.
public String saveUser(User user) throws InterruptedException, ExecutionException {
Query query = getUsersCollection().whereEqualTo("userName", user.getUserName());
QuerySnapshot querySnapshot = query.get().get();
//Query to validate if userName is already in use.
if(querySnapshot.isEmpty()) {
ApiFuture<DocumentReference> document = getUsersCollection().add(user);
DocumentReference reference = document.get();
String userId = document.get().getId();
//Assign auto-generated Id to userId field for ease of querying.
WriteBatch batch = FirestoreClient.getFirestore().batch();
batch.update(reference, "userId",userId);
//ENCODE USER PASSWORD!
batch.update(reference, "userPassword",passwordEncoder.encode(reference.get().get().toObject(User.class).getUserPassword()));
List<WriteResult> results = batch.commit().get();
results.forEach(result -> {
System.out.println("Update Time: " + result.getUpdateTime());
});
return "Created user with ID: " + "'" + userId + "'";
}
return "Username is already in use";
}
//Get User by given its email.
public Optional<User> getUserByEmail(String userEmail) throws InterruptedException, ExecutionException{
Query query = getUsersCollection().whereEqualTo("userEmail", userEmail);
QuerySnapshot snapshot = query.get().get();
//if user with provided Email exists in collection.
if(!snapshot.isEmpty()) {
List<User> userLs = snapshot.toObjects(User.class);
//Since there is a unique email for each document,
//There will only be on User object on list, we will retrieve the first one.
for(User currUser: userLs) {
return Optional.of(currUser);
}
}
return null;
}
//Query for user by given userName.
public Optional<User> getUserByUserName(String userName) throws InterruptedException, ExecutionException{
//Perform a query based on a user's Name.
Query query = getUsersCollection().whereEqualTo("userName", userName);
QuerySnapshot snapshot = query.get().get();
if(!snapshot.isEmpty()) {
List<User> userList = snapshot.toObjects(User.class);
//Since there is a unique userName for each document,
//there will only be one User object on the list, we will retrieve the first one.
for(User currUser: userList) {
return Optional.of(currUser);
}
}
return null;
}
//Query for user by given userName.
public User getUserByName(String userName) throws InterruptedException, ExecutionException {
//Perform a query based on a user's Name.
Query query = getUsersCollection().whereEqualTo("userName", userName);
QuerySnapshot snapshot = query.get().get();
if(!snapshot.isEmpty()) {
List<User> userList = snapshot.toObjects(User.class);
//Since there is a unique userName for each document,
//there will only be one User object on the list, we will retrieve the first one.
for(User currUser : userList) {
return currUser;
}
}
return null;
}
//Get User by its auto-generated ID.
public User getUserById(String userId) throws InterruptedException, ExecutionException {
DocumentReference reference = getUsersCollection().document(userId);
if(reference.get().get().exists()) {
DocumentSnapshot snapshot = reference.get().get();
User user = snapshot.toObject(User.class);
return user;
}
return null;
}
//Get DocumentReference on a User.
public DocumentReference getUserReference(String userId) throws InterruptedException, ExecutionException {
DocumentReference reference = getUsersCollection().document(userId);
//Evaluate if documentExists in users collection.
if(reference.get().get().exists()) {
return reference;
}
return null;
}
//return a list of objects located in the users collection.
public List<User> getAllUsers() throws InterruptedException, ExecutionException {
//asynchronously retrieve all documents
ApiFuture<QuerySnapshot> future = getUsersCollection().get();
List<QueryDocumentSnapshot> objects = future.get().getDocuments();
//If there is no documents, return null.
if(!objects.isEmpty()) {
List<User> ls = new ArrayList<>();
objects.forEach((obj) -> {
User currUser = obj.toObject(User.class);
ls.add(currUser);
});
return ls;
}
return null;
}
//delete a User from users collection by a given id.
//In reality delete method just changes UserStatus from active to inactive or banned.
public String deleteUserById(String userId) throws InterruptedException, ExecutionException {
Firestore db = FirestoreClient.getFirestore();
DocumentReference reference = db.collection(USERS_COLLECTION).document(userId);
User user = reference.get().get().toObject(User.class);
if(user == null) {
return "User not found.";
}
WriteBatch batch = db.batch();
batch.update(reference, "userStatusCode",UserStatus.INACTIVE);
ApiFuture<List<WriteResult>> result = batch.commit();
List<WriteResult> results = result.get();
results.forEach(response -> {
System.out.println("Update Time:" + response.getUpdateTime());
});
//Check if user did actually change status.
if(reference.get().get().toObject(User.class).getStatusCode().equals(UserStatus.ACTIVE)) {
return "User with ID: " + "'" + userId + "'" + " was deleted.";
}
return "User could not be deleted";
}
//Delete a User's certain field value.
public String deleteUserField(String userId, String userField) throws InterruptedException, ExecutionException {
Firestore firestore = FirestoreClient.getFirestore();
DocumentReference reference = getUsersCollection().document(userId);
if(!reference.get().get().exists()) {
return "User not found.";
}
Map<String,Object> map = new HashMap<>();
map.put(userField, FieldValue.delete());
WriteBatch batch = firestore.batch();
batch.update(reference, map);
List<WriteResult> results = batch.commit().get();
results.forEach(response -> System.out.println("Update Time: " + response.getUpdateTime()));
return "Field deleted Successfully";
}
//Change UserStatus to BANNED
public String banUserById(String userId) throws InterruptedException, ExecutionException {
Firestore db = FirestoreClient.getFirestore();
final DocumentReference reference = db.collection(this.USERS_COLLECTION).document(userId);
WriteBatch batch = db.batch().update(reference,"userStatusCode",UserStatus.BANNED);
List<WriteResult> results = batch.commit().get();
results.forEach(response -> System.out.println("Update Time: " + response.getUpdateTime()));
if(reference.get().get().toObject(User.class).getStatusCode().equals(UserStatus.BANNED)) {
return "User with ID: " + "'" + userId + "'" + " was BANNED.";
}
return "User could not be BANNED.";
}
//Set a user with all new fields.
public String updateUser(User user) throws InterruptedException, ExecutionException {
Firestore firestore = FirestoreClient.getFirestore();
final DocumentReference reference = getUsersCollection().document(user.getUserId());
DocumentSnapshot snapshot = reference.get().get();
if(snapshot.exists()) {
WriteBatch batch = firestore.batch();
batch.set(reference, user);
List<WriteResult> results = batch.commit().get();
results.forEach(response -> System.out.println("Update time: " + response.getUpdateTime()));
return "User updated successfully";
}
return "User not found.";
}
// Update a specific field on a given document by another given value. In case userId is field to be changed, one integer will be subtracted from userTokens field.
public String updateUserField(String userId,String objectField, String replaceValue) throws InterruptedException, ExecutionException {
Firestore db = FirestoreClient.getFirestore();
final DocumentReference reference = getUsersCollection().document(userId);
if(!reference.get().get().exists()) {
return "User not found.";
}
WriteBatch batch = db.batch();
List<WriteResult> results = new ArrayList<>();
//These fields cannot be updated.
if(!objectField.equals("userName") && !objectField.equals("userCash") && !objectField.equals("userTokens") && !objectField.equals("userId")) {
batch.update(reference, objectField, replaceValue);
results = batch.commit().get();
results.forEach(response ->{
System.out.println("Update time: " + response.getUpdateTime());
});
}
else if(objectField.equals("userName")) {
String response = updateUserName(userId, replaceValue);
return response;
}
else {
return "This field canntot be updated.";
}
return "User field could not be updated.";
}
//Update a user's userName depending of availability and token adquisition capacity. i.e. if user has enough tokens to pay fee.
public String updateUserName(String userId, String newUserName) throws InterruptedException, ExecutionException {
Firestore db = FirestoreClient.getFirestore();
final DocumentReference reference = getUsersCollection().document(userId);
DocumentSnapshot snapshot = reference.get().get();
if(!snapshot.exists()) {
return "User not found.";
}
Query query = getUsersCollection().whereEqualTo("userName", newUserName);
QuerySnapshot querySnapshot = query.get().get();
//Evaluate if userName is already in use.
String response = "Username is already taken";
if(querySnapshot.isEmpty()) {
//Transaction to get() tokens and update() tokens.
ApiFuture<String> futureTransact = db.runTransaction(transaction -> {
DocumentSnapshot doc = transaction.get(reference).get();
double tokens = doc.getDouble("userTokens");
//evaluate if user holds more than one token
if(tokens >= 1) {
transaction.update(reference, "userTokens", tokens - 1);
transaction.update(reference, "userName", newUserName);
return "Username updated to: '"+ newUserName +"'";
}
else {
throw new Exception("Not enough Tokens");
}
});
response = futureTransact.get();
}
return response;
}
//update user Currency field.
public String updateUserCash(String userId, double cashQuantity) throws InterruptedException, ExecutionException {
Firestore firestore = FirestoreClient.getFirestore();
final DocumentReference reference = getUsersCollection().document(userId);
DocumentSnapshot snapshot = reference.get().get();
String response = "User not found.";
//evaluate if document exists
if(snapshot.exists()) {
ApiFuture<String> futureTransaction = firestore.runTransaction(transaction -> {
Map<String,Object> map = new HashMap<>();
map.put("userCash", FieldValue.increment(cashQuantity));
transaction.update(reference, map);
return "Updated userCash";
});
response = futureTransaction.get();
return response;
}
return response;
}
//Update user Token field.
public String updateUserTokens(String userId, double tokenQuantity) throws InterruptedException, ExecutionException {
Firestore firestore = FirestoreClient.getFirestore();
final DocumentReference reference = getUsersCollection().document(userId);
String response = "User not found.";
//evaluate if user exists on collection.
if(reference.get().get().exists()) {
ApiFuture<String> futureTransaction = firestore.runTransaction(transaction -> {
Map<String,Object> map = new HashMap<>();
map.put("userTokens",tokenQuantity);
transaction.update(reference, map);
return "Updated userTokens";
});
response = futureTransaction.get();
return response;
}
return response;
}
//evaluate if given documentId exists on given collection.
public static boolean isPresent(String userId,String collectionName) throws InterruptedException, ExecutionException {
Firestore db = FirestoreClient.getFirestore();
DocumentReference reference = db.collection(collectionName).document(userId);
ApiFuture<DocumentSnapshot> snapshot = reference.get();
DocumentSnapshot document = snapshot.get();
if(!document.exists()) {
return false;
}
return true;
}
//Evaluate if given document's status corresponds to active.
public static boolean isActive(String userId, String collectionName) throws InterruptedException, ExecutionException {
Firestore db = FirestoreClient.getFirestore();
DocumentReference reference = db.collection(collectionName).document(userId);
ApiFuture<DocumentSnapshot> snapshot = reference.get();
DocumentSnapshot result = snapshot.get();
User user = result.toObject(User.class);
if(user.getStatusCode().equals(UserStatus.ACTIVE)) {
return true;
}
return false;
}
}
My Controller class:
#RestController
#RequestMapping("/userapi")
#CrossOrigin(origins = "http://localhost:4200")
public class UserController {
#Autowired
UserService userServ;
#GetMapping(value = "/users/search",params="userName")
#PreAuthorize("hasRole('PLAYER')")
public ResponseEntity<Object> getUserByName(#RequestParam(value = "userName", required = true)final String userName) throws InterruptedException, ExecutionException{
if(userName == null) {
return new ResponseEntity<>("Invalid Input",HttpStatus.BAD_REQUEST);
}
User user = userServ.getUserByName(userName);
if(user == null) {
return new ResponseEntity<>("User Not Found", HttpStatus.NOT_FOUND);
}
return new ResponseEntity<>(user,HttpStatus.OK);
}
#GetMapping("/users")
#PreAuthorize("hasRole('PLAYER')")
public ResponseEntity<List<User>> getAllUsers() throws InterruptedException, ExecutionException{
List<User> ls = userServ.getAllUsers();
if(ls.isEmpty()) {
return new ResponseEntity<List<User>>(ls, HttpStatus.NO_CONTENT);
}
return new ResponseEntity<List<User>>(ls, HttpStatus.OK);
}
#DeleteMapping(value = "/users/delete",params="userId")
#PreAuthorize("hasRole('ADMINISTRATOR')")
public ResponseEntity<Object> deleteUserById(#RequestParam(value="userId", required = true)String userId, #RequestParam(required = false, value="userField") String userField) throws InterruptedException, ExecutionException{
if(userField != null) {
String response = userServ.deleteUserField(userId, userField);
if(response.equals("User not found.")) {
return new ResponseEntity<>(response, HttpStatus.NOT_FOUND);
}
return new ResponseEntity<>(response, HttpStatus.OK);
}
String response = userServ.deleteUserById(userId);
if(response.equals("User not found.")) {
return new ResponseEntity<>(response, HttpStatus.NOT_FOUND);
}
return new ResponseEntity<>(response, HttpStatus.OK);
}
#PutMapping(value = "/users/update")
#PreAuthorize("hasRole('ADMINISTRATOR') or hasRole('PLAYER')")
public ResponseEntity<Object> updateUser(#RequestBody User user) throws InterruptedException, ExecutionException{
String response = userServ.updateUser(user);
if(response.equals("User not found.")) {
return new ResponseEntity<>(response, HttpStatus.NOT_FOUND);
}
return new ResponseEntity<>(response, HttpStatus.OK);
}
#PutMapping(value = "/users/update",params="userId")
#PreAuthorize("hasRole('ADMINISTRATOR') or hasRole('PLAYER')")
public ResponseEntity<Object> updateUserField(#RequestParam(required = true, value="userId")String userId, #RequestParam(required = true)String userField, #RequestParam(required = true)String replaceValue) throws InterruptedException, ExecutionException{
String response = userServ.updateUserField(userId, userField, replaceValue);
if(response.equals("User not found.")) {
return new ResponseEntity<>(response, HttpStatus.NOT_FOUND);
}
else if(response.equals("This field cannot be updated.")) {
return new ResponseEntity<>(response, HttpStatus.BAD_REQUEST);
}
return new ResponseEntity<>(response, HttpStatus.OK);
}
}
I didn't find ANY documentation on this particular problem and that is why I am here, I would be glad if anyone could help me solving this problem. Am I missing something? Anyways thank you for your time, happy coding.
as you said, you are missing the TransportChannelProvider interface and it's implementations. it's not provided in the dependency you added.
try to add this dependency to your POM:
<dependency>
<groupId>com.google.api</groupId>
<artifactId>gax</artifactId>
<version>1.57.0</version>
</dependency>
the interface included there.
After checking my pom.xml and my dependency hierarchies(On Eclipse, found on the toolbar above the console when the pom.xml file is being viewed.), I found I had another dependency on another Spring Boot project that was overriding the one I had on my project, make sure to check all dependencies on different projects as well. The dependency version I had on my other project did not include the classes Spring needed to create a a bean.
I have a rest API application that authenticates requests by verifying credentials with a database lookup. I need to now add an additional feature that will allow a specific set of credentials to be allowed that is not a record in the database table. Basically I need to hardcode these credentials; but what I found is that the spring authenticationprovider for userDetails does not authenticate this and I am not sure why or how. I added an if statement just before retrieving the dataset result to validate the user credentials but it still does not work.Here is my code:
#SuppressWarnings("deprecation")
#Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException
{
Logger logger = LoggerFactory.getLogger("com.reader.AuthService.loadUserByUsername");
logger.info("Request--");
UserDetails userDt = null;
logger.info("USER:" + username);
Connection con = null;
String query = "SELECT * FROM Customers WHERE username= ?";
logger.info("Making SQL request");
try
{
con= dataSource.getConnection();
String password = null;
String authority = null;
int enabled = 0;
try(Connection dbConn = dataSource.getConnection();
PreparedStatement pst = dbConn.prepareStatement(query);)
{
pst.setString(1, username);
ResultSet rs = pst.executeQuery();
if(username.equalsIgnoreCase("sampleUser")){
username = "sampleUser";
password="1234567_sample";
List ls = new ArrayList();
ls.add(new GrantedAuthorityImpl("ROLE_USER"));
userDt = new User(username, password, enabled==1?true:false , true, true, true, ls);
return userDt;
}
if (rs.next())
{
username = rs.getString("username");
password = rs.getString("password");
authority = "ROLE_USER";
enabled = rs.getInt("isactive");
List ls = new ArrayList();
ls.add(new GrantedAuthorityImpl(authority));
userDt = new User(username, password, enabled==1?true:false , true, true, true, ls);
}
else
{
System.out.println("No credentials present in DB for username" + username);
throw new UsernameNotFoundException(
"Bad Credentials", username);
}
}
catch(SQLException e)
{
System.out.println("API: "+e.getMessage());
e.printStackTrace();
}
con.close();
}
catch(UsernameNotFoundException e)
{
throw e;
}
catch(Exception e1)
{
e1.printStackTrace();
}
return userDt;
In the server-context file I declare the user ref service to this class file above:
<beans:bean id="authservice"
class="com.reader.security.AuthService" />
<security:authentication-manager>
<security:authentication-provider
user-service-ref="authservice" />
</security:authentication-manager>
I think the problem starts here in AbstractUserDetailsAuthenticationProvider:
try {
preAuthenticationChecks.check(user);
additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
} catch (AuthenticationException exception) {
if (cacheWasUsed) {
// There was a problem, so try again after checking
// we're using latest data (i.e. not from the cache)
cacheWasUsed = false;
user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
preAuthenticationChecks.check(user);
additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
} else {
throw exception;
}
}
here is the exception:
org.springframework.security.authentication.DisabledException: User is disabled
could someone please assist or at least explain how this authentication works.
EDIT:
console response:
10:29:04.703 [http-nio-8080-exec-2]
DEBUG o.s.s.w.a.w.BasicAuthenticationFilter - Basic
Authentication Authorization header found for user
'internalUser'
10:29:04.705 [http-nio-8080-exec-2]
DEBUG o.s.s.authentication.ProviderManager - Authentication attempt
using org.springframework.security.authentication.dao.
DaoAuthenticationProvider
10:29:04.707 [http-nio-8080-exec-2] INFO
c.b.f.AuthService.loadUserByUsername - Request--
10:29:04.707 [http-nio-8080-exec-2] INFO
c.b.f.AuthService.loadUserByUsername - USER:internalUser
10:29:04.707 [http-nio-8080-exec-2] INFO
c.b.f.AuthService.loadUserByUsername - Making SQL request
AbandonedObjectPool is
used (org.apache.commons.dbcp.AbandonedObjectPool#3517a554)
LogAbandoned: false
RemoveAbandoned: true
RemoveAbandonedTimeout: 300
10:32:51.434 [http-nio-8080-exec-2]
DEBUG o.s.s.a.d.DaoAuthenticationProvider - User account is disabled
10:37:12.083 [http-nio-8080-exec-2]
DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached
instance of singleton
bean 'userAuthenticationErrorHandler'
10:37:12.083 [http-nio-8080-exec-2]
DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance
of singleton bean 'org.springframework.context.annotation.
internalScheduledAnnotationProcessor'
It's because your code is setting enabled as false as you initialized enabled integer to zero and later below enabled==1?true:false which will always return false. So i think you missed to set enabled = 1 in case of your "sampleUser" inside if statement
int enabled = 0;
if(username.equalsIgnoreCase("sampleUser")){
username = "sampleUser";
password="1234567_sample";
List ls = new ArrayList();
ls.add(new GrantedAuthorityImpl("ROLE_USER"));
userDt = new User(username, password, enabled==1?true:false , true, true, true, ls);
return userDt;
}
loadUserByUsername(String username) gets called when authentication is completed
for authentication purpose you need to override authenticate() and use it as given below
#Component
public class CustomAuthenticationProvider implements AuthenticationProvider{
#Autowired
private CustomUserService userService;
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = authentication.getName();
String password = (String) authentication.getCredentials();
CustomUser user = userService.loadUserByUsername(username);
if (user == null || !user.getUsername().equalsIgnoreCase(username)) {
throw new BadCredentialsException("Username not found.");
}
if (!password.equals(user.getPassword())) {
throw new BadCredentialsException("Wrong password.");
}
Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
return new UsernamePasswordAuthenticationToken(user, password, authorities);
}
public boolean supports(Class<?> arg0) {
return true;
}
}
and declare it in security xml
<authentication-manager>
<authentication-provider ref="customAuthenticationProvider"/>
</authentication-manager>
my code is
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
HttpSession session=request.getSession(false);
if(session==null){
response.sendRedirect(request.getContextPath());
}else{
doPost(request,response);
}
}
the url pattern for this servlet is /loginServlet.
i wrote this code so that if user is logged in and makes a get request by hitting enter on the url then the request must be forwarded to doPost()
or else if the user is not logged in then he get to the login page
but the problem is that its always returning to the login page that means request.getSession(false) always returning null
how can i solve this problem
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String name=request.getParameter("name");
String commun=request.getParameter("commun");
String password=request.getParameter("password");
Connection conn = null;
Statement statement = null;
try{
Context initContext = new InitialContext();
Context envContext = (Context) initContext.lookup("java:comp/env");
DataSource ds = (DataSource) envContext.lookup("jdbc/community");
conn = ds.getConnection();
statement = conn.createStatement();
String sql = "select memberragas from windowragas where memberragas='"+name+"' and liquid_key='"+commun+"' and chabhiragas='"+password+"'";
ResultSet rs =statement.executeQuery(sql);
if(rs.next()){
System.out.println("welcome "+name+"");
HttpSession session=request.getSession();
session.setAttribute("name", name);
session.setAttribute("commun", commun);
RequestDispatcher rd = request.getRequestDispatcher("/homey");
rd.forward(request, response);
}else{
System.out.println("either ur username or password or community was wrong");
response.sendRedirect(request.getContextPath());
}
}
catch (NamingException ex) {
System.err.println(ex);
} catch (SQLException ex) {
System.err.println(ex);
}finally {
try {
if (statement != null) statement.close();
if (conn != null) conn.close(); // return to pool
} catch (SQLException ex) {
ex.printStackTrace();
}
}
}
in the doPost() i m creating the session for the first time
I believe the issue is that when you call doPost() directly from your doGet() method, the request parameters name, commun and password are not available. Hence, the authenticating SQL query fails and your else block executes.
} else {
System.out.println("either ur username or password or community was wrong");
response.sendRedirect(request.getContextPath());
}
This is effectively the same as your doGet()'s if block and hence gives an impression that your session is null.
if (session == null) {
response.sendRedirect(request.getContextPath());
}
So to fix the issue, if the session exists, redirect the user immediately instead of trying to execute doPost() to authenticate them again. The presence of name attribute can further assure that the user has been authenticated before.
if (session != null && session.getAttribute("name") != null) {
RequestDispatcher rd = request.getRequestDispatcher("/homey");
rd.forward(request, response);
} else {
response.sendRedirect(request.getContextPath());
}
I have a class that have three methods that have functionalities on Active Directory. Here is the class:
[Export(typeof(IAuthentication))]
public class Authentication : IAuthentication
{
public bool Authenticate(string domain, string username, string password)
{
try
{
using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, domain, string.Empty))
{
return principalContext.ValidateCredentials(
username,
password,
ContextOptions.SimpleBind);
}
}
catch (Exception ex)
{
throw ex;
}
}
public UserPrincipal GetUserDetails(string domain, string username)
{
try
{
using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, domain))
{
return UserPrincipal.FindByIdentity(principalContext, username);
}
}
catch (Exception ex)
{
throw ex;
}
}
public PrincipalSearchResult<Principal> SearchUsers(string domain, string firstName, string lastName, string userName)
{
try
{
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain))
{
UserPrincipal user = new UserPrincipal(ctx);
user.Enabled = true;
user.Name = firstName + "* " + lastName + "*";
user.SamAccountName = userName + "*";
PrincipalSearcher principalSearcher = new PrincipalSearcher();
principalSearcher.QueryFilter = user;
return principalSearcher.FindAll();
}
}
catch (Exception ex)
{
throw ex;
}
}
}
As you see in the class attribute, I'm using this class library as a MEF plugin. In my asp.net mvc 3 application, I call the method like this:
PrincipalSearchResult<Principal> results = _authentication.SearchUsers(
ConfigurationManager.AppSettings["DomainName"],
model.UserSearchCriteria.FirstName,
model.UserSearchCriteria.LastName,
model.UserSearchCriteria.Username);
But after I intend to use the return value of the method, I'm getting Cannot access a disposed object, Object name: 'PrincipalContext' exception. I know I'm disposing the PrincipalContext object but if I do not, the connection to the Active Directory will stay open. I think the design of my class is not correct. How can I make it work in a cool way?
I would imagine that when you eventually enumerate over the instance of PrincipalSearchResult<T>, this deferred operation is trying to access the context, which has since been closed. In this scenario, it is likely better for you to enumerate over the results straight away and return them as domain-specific models. I.e, do the work at the time, and not defer it through returning PrincipalSearchResult<T>.