Spring Security Vaadin认证管理器bean

Question

I am new to Vaadin and Spring security. Last few days I was googling for the right example how to integrate spring security into vaadin application (not the servlet) so that the users can authenticate themselves using LoginForm vaadin component. Here is the code snippet that I used inside onlogin event:

login = new LoginForm();
login.addListener(new LoginForm.LoginListener() {
    private static final long serialVersionUID = 1L;

    @Override
    public void onLogin(LoginEvent event) {
        if (event.getLoginParameter("username").isEmpty() || event.getLoginParameter("password").isEmpty()) {
            getWindow().showNotification("Please enter username and/or password", Notification.TYPE_ERROR_MESSAGE);
        } else {
            SpringContextHelper helper = new SpringContextHelper(getApplication());
            authenticationManager = (ProviderManager)helper.getBean("authenticationManager");

            try {
                UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(event.getLoginParameter("username"), event.getLoginParameter("password"));   
                Authentication authentication = authenticationManager.authenticate(token);
                SecurityContextHolder.getContext().setAuthentication(authentication);
                authentication.getDetails();
            } catch (Exception e) {
                getWindow().showNotification(e.getMessage(), Notification.TYPE_ERROR_MESSAGE);
            }
        }                   
    }
});

When I try to login with my credentials that I described in applicationContext.xml file I got an error Null Pointer exception at this line:

 authenticationManager = (ProviderManager)helper.getBean("authenticationManager");

I know that the error is thrown by the getBean("authenticationManager"); method because it can't locate "**authenticationManager "** bean. The question would be: what is the "**authenticationManager "** in this context. Is it a class or bean that implements some kind of Spring security framework interface with special methods. Does anyone could provide an example of such bean (class, pojo and etc.). I descriped listeners and context-params in my web.xml as I found on the examples in the internet.

WEB.XML

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:META-INF/applicationContext*.xml</param-value>
</context-param>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>

Also I am providing a applicationContext.xml in which I describe authentication manager with plain username and password.

APPLICATIONCONTEXT.XML

<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http>
   <intercept-url pattern="/**" access="ROLE_USER" />
   <form-login />
   <logout />
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider>
      <user-service>
        <user name="userrrr" password="passsssword" authorities="ROLE_USER, ROLE_ADMIN" />
        <user name="otheruser" password="otherpasss" authorities="ROLE_USER" />
      </user-service>
    </authentication-provider>
</authentication-manager>

So In short. Does anyone could provide me a working bean example, for my case, which can authenticate plain usernames and passwords that are described in applicationContext.xml file. If it helps I am using Vaadin 6, Maven, Hibernate, GlassFish and Sping security 3. I will greatly appreciate help because I am working on this issue for the last three days.

There are plenty examples on the internet but they are all unfinished, unclear, uses Vaadin application servelts or jsp login forms (not the application) and different techniques.

I choosed the way that is described in official vaadin wiki https://vaadin.com/wiki/-/wiki/Main/Spring%20Integration?p%255Fr%255Fp%255F185834411%255Ftitle=Spring%2520Integration . But it is so poor and describes spring framework integration not security.

I found another example which looked me perfect Spring Security + Vaadin: How to create custom non-JSP login form? . But there I can't find detailed info about authenticationManager.

Also here is another nice example https://vaadin.com/forum/-/message_boards/view_message/373038 . But it is using HttpServletRequest and HttpServletResponse for passing authetication details. I know that vaadin application class can implement HttpServletRequestListener interface with onRequestStart and onRequestEnd methods but how I can pass/use these requests to/with onLogin event.

So dear JAVA masters please help for a newbie JAVA JEDI programmer to choose a right way:)

Spring Context helper class

public class SpringContextHelper {  
    private ApplicationContext context;

    public SpringContextHelper(Application application) {
        ServletContext servletContext = ((WebApplicationContext) application.getContext()).getHttpSession().getServletContext();
        context = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
    }

    public Object getBean(final String beanRef) {
        return context.getBean(beanRef);
    }    
}

Answer 1

Try org.springframework.security.authentication. AuthenticationManager interface instead of ProviderManager :

authenticationManager = (AuthenticationManager)helper.getBean("authenticationManager");

EDIT. Replace alias="authenticationManager" by id="authenticationManager in your conf.