Ive been at this for hours and still cant figure out why im getting org.springframework.security.authentication.BadCredentialsException
Im working on a registration and login system. I can create a User through a registration page and I can see it inputted into the database. In the registration post method I then try to automatically login the user with an authentication manager but each time I get the same BadCredentialsException. I check in my database and everything looks fine yet I still get the same error. Im new to the authentication stuff so my mistake may be in plain site to others but not myself.
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getEmail(), user.getPassword());
request.getSession();
token.setDetails(new WebAuthenticationDetails(request));
try{
Authentication auth = authManager.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(auth);
} catch(Exception e){
e.printStackTrace();
}
That is where I try to log in the User, with that code in which should Auto login the User I get the bad credentials exception. I do save the User correctly before that. I tried many different ways to auto login the user but none of them have worked. Any ideas?
Edit: Security configuration:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userService;
@Autowired
UserDetailsService userDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().authorizeRequests()
.antMatchers("/register").permitAll()
.antMatchers("/edit").hasRole("ADMIN")
.antMatchers(
(A bunch of allowances to pages), "/").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.rememberMe()
.key("myUniqueKey")
.userDetailsService(userDetailsService)
.rememberMeCookieName("remember-me")
.tokenValiditySeconds(100000000)
.and()
.logout()
.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout")
.permitAll();
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider auth = new DaoAuthenticationProvider();
auth.setUserDetailsService(userService);
auth.setPasswordEncoder(passwordEncoder());
return auth;
}
@Bean
public AuthenticationManager customAuthenticationManager() throw Exception {
return authenticationManager();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider());
}
So I finally got it to work, to be honest I dont know why I had this problem, I thought I tried all the ways to authenticate the users(Using plain text password/hashed and different ways of getting UserDetails). I should really look more into authentication and stuff like that but for now, I found the fix through this post: hellokoding post