2

My application is based on Spring 3, Hibernate 3, MySQL. I read the Spring Security document and learnt that I can implement Authentication as given below,

<authentication-manager>
   <authentication-provider>
    <jdbc-user-service data-source-ref="dataSource"

       users-by-username-query="
          select username,password, enabled 
          from users where username=?" 

       authorities-by-username-query="
          select u.username, ur.authority from users u, user_roles ur 
          where u.user_id = ur.user_id and u.username =?  " 

    />
   </authentication-provider>
</authentication-manager>

I understood above part but my concern is, in my application user table doesn't only store the userName, password and enabled field. It also stores first and last name, emailID, phone etc. On successful authentication, I want next jsp to populate all user details automatically and not ask user the same information which it will ask to non-regirstered user.

  1. I want to use annotation based configuration and not xml based (unlike mentioned in spring 2.5 examples)
  2. spring document doesnt use hibernate for security. Should i use hibernate or jdbc-user-service? if hibernate then how?
  3. I saw couple of examples use customized UserService. Is that I need to do as well?

Can someone kindly advice with good examples? any references to other posts will help too.

Maciej Ziarko
  • 11,494
  • 13
  • 48
  • 69
Sachin
  • 449
  • 2
  • 9
  • 27

1 Answers1

1

As for now Spring Security is mostly configured without annotations, but you can use special XML namespace for simple customization of Spring Security.

You need to implement your own UserDetailsService which will be responsible for loading details of the user from persistent store.

UserDetailsService interface has just one method

UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;

After implementing and creating bean of your component you need to inject it:

<authentication-manager>
   <authentication-provider user-service-ref="myUserDetailsService"/>
</authentication-manager>

More in Spring Security Docs:

http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#tech-userdetailsservice

http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#nsa-authentication-provider

If you don't have information like enabled in your database, you will always have to put true value in your UserDetails object for that field.

Maciej Ziarko
  • 11,494
  • 13
  • 48
  • 69
  • thanks Mac. Hopefully using your explaination and below posts I can implement Authantication specific to my application. – Sachin Nov 06 '12 at 18:04
  • and http://stackoverflow.com/questions/11361471/springsecurity-form-login-using-userdetailsservice-and-hibernate – Sachin Nov 06 '12 at 18:05
  • Should you have any more problems, don't hestitate to write. – Maciej Ziarko Nov 06 '12 at 18:06
  • and http://stackoverflow.com/questions/2683308/spring-security-3-database-authentication-with-hibernate/2701722#2701722 – Sachin Nov 06 '12 at 18:07