Q1) Is there a way (i.e. a class method) in Spring Security that allows you to list all the users and roles that are in the Sprint Security user and role tables? (I am not looking for only registered users, and I am not looking only for power for this user. I am looking for all users and all authorities.)
Q1b) If there is a way, do you need special permissions for the user executing this request?
(I can hack this by writing my own SQL statement that queries the user and credentials table, but this seems like unnecessary error-prone work and violates the Spring Security API.)
In case this helps, my application setup is pretty standard:
<authentication-manager alias="myAuthenticationManager">
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username, password, enabled from users where users.username=?"
authorities-by-username-query="select users.username,authority from users,authorities where users.username=authorities.username and users.username=?" />
</authentication-provider>
</authentication-manager>
and
<beans:bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="driverClassName">
<beans:value>com.mysql.jdbc.Driver</beans:value>
</beans:property>
<beans:property name="url">
<beans:value>jdbc:mysql://XXXXX:XXXX/XXXXX</beans:value>
</beans:property>
<beans:property name="username">
<beans:value>XXXXX</beans:value>
</beans:property>
<beans:property name="password">
<beans:value>XXXXXX</beans:value>
</beans:property>
</beans:bean>