Crowd login error: java.lang.UnsupportedOperationException: Not giving you the password

UlrichHuber · January 27, 2020, 8:43am

Hi Community,

I want to add my Spring Security app to our Crowd System (w/o SSO in the first step).

I made the whole config as written in Atlassian documentation (step by step): Integrating Crowd with Spring Security | Crowd Data Center and Server 5.1 | Atlassian Documentation
The spring System was working well with local user list and passwords (only for testing).

My System configuration is:

Crowd 3.7.0
the application object is generated in Crowd

When I start the login (Spring default form) I see the follwing error message:

java.lang.UnsupportedOperationException: Not giving you the password
	com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetails.getPassword(CrowdUserDetails.java:72)
	org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:94)
	org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:166)
	org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
	org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
	org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
	org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:124)
	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)

My web search only shows me an article, that I should use the Atlassian documentation.

I tried it out with Spring 4.2.4 and also with Spring 5.2.1 release.
The error message is always the same.
Also I tried to register Crowd Provider seperate in security.xml, it want work too.

Here my configuration files:

spring-secruity.xml (Spring 4.2)

<b:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:b="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <global-method-security
            secured-annotations="enabled" pre-post-annotations="enabled" >
    </global-method-security>

    <http auto-config="true" />

    <b:bean id="crowdUserDetailsService" class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl">
        <b:property name="crowdClient" ref="crowdClient"/>
        <b:property name="authorityPrefix" value="ROLE_"/>
    </b:bean>

    <b:bean id="crowdAuthenticationProvider" class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider">
        <b:constructor-arg ref="crowdClient"/>
        <b:constructor-arg ref="crowdHttpAuthenticator"/>
        <b:constructor-arg ref="crowdUserDetailsService"/>
    </b:bean>
</b:beans>

applicationContext-CrowdRestClient.xml (copied from Crowd.lib):

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

    <bean id="resourceLocator" class="com.atlassian.crowd.service.client.ClientResourceLocator">
        <constructor-arg value="crowd.properties"/>
    </bean>

    <bean id="clientProperties" class="com.atlassian.crowd.service.client.ClientPropertiesImpl" factory-method="newInstanceFromResourceLocator">
        <constructor-arg type="com.atlassian.crowd.service.client.ResourceLocator" ref="resourceLocator"/>
    </bean>

    <bean id="crowdClientFactory" class="com.atlassian.crowd.integration.rest.service.factory.RestCrowdClientFactory"/>

    <bean id="crowdClient" factory-bean="crowdClientFactory" factory-method="newInstance">
        <constructor-arg ref="clientProperties"/>
    </bean>

    <bean id="validationFactorExtractor" class="com.atlassian.crowd.integration.http.util.CrowdHttpValidationFactorExtractorImpl" factory-method="getInstance"/>

    <bean id="tokenHelper" class="com.atlassian.crowd.integration.http.util.CrowdHttpTokenHelperImpl" factory-method="getInstance">
        <constructor-arg ref="validationFactorExtractor"/>
    </bean>

    <bean id="crowdHttpAuthenticator" class="com.atlassian.crowd.integration.http.CrowdHttpAuthenticatorImpl">
        <constructor-arg ref="crowdClient"/>
        <constructor-arg ref="tokenHelper"/>
        <constructor-arg ref="clientProperties"/>
    </bean>

    <bean id="crowdSecurityFilter" class="com.atlassian.crowd.integration.http.filter.CrowdSecurityFilter">
        <constructor-arg ref="crowdHttpAuthenticator"/>
        <constructor-arg ref="clientProperties"/>
    </bean>

</beans>

web.xml

	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/spring/applicationContext-CrowdRestClient.xml
			/WEB-INF/spring/spring-security.xml
		</param-value>
	</context-param>

	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter>
		<filter-name>struts2</filter-name>
		<filter-class>org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<filter-mapping>
		<filter-name>struts2</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>

No errors were displayed when app starts in Tomcat debug mode. Spring seems to be initialized well.
Also no lib error´s are shown.

Do you have any idea how to fix it?

Regards
Uli

TimothyForbes · April 26, 2021, 2:37pm

I’m afraid I can’t advise wrt setting up Spring Security. I came across this post while researching a j_spring_security_check error involving the crowd plugin. I also found [JENKINS-64186] Remember me with crowd "Not giving you the password" - Jenkins Jira which explains why the crowd plugin doesn’t seem to work with “remember me”. Hope this helps.