SpringSecurity UserDetailsService get password

I am creating an authentication service in Spring.

I use UserDetailsService to get form variables, but I found that loadUserByUsername has only one variable - username.

How to get a password?

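    import java.util.ArrayList;
    import java.util.List;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;

    public class userAuthentication implements UserDetailsService {

        private @Autowired ASPWebServicesUtils aspWebServicesUtils;

        @Override
        public UserDetails loadUserByUsername(String name) throws UsernameNotFoundException {
            // how to get password ?
            User user = new User("test", "test", true, true, true, true, getAuthorities(true));
            return user;
        }

        private List<GrantedAuthority> getAuthorities(boolean isAdmin) {
            List<GrantedAuthority> authorityList = new ArrayList<GrantedAuthority>(2);
            authorityList.add(new SimpleGrantedAuthority("USER_ROLE"));
            if (isAdmin) {
                authorityList.add(new SimpleGrantedAuthority("ADMIN_ROLE"));
            }
            return authorityList;
        }

        //...
    }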

thanks

+7
5 answers

If you look at the User object, the second parameter in the constructor will be the password.

UserDetailsService is used to load the user from an underlying structure, such as a database. The loadUserByUsername method is called when a user tries to log in with a username and password: the service loads the user and returns it to the security framework. The required data includes username, password, accountNonExpired, credentialsNonExpired, accountNonLocked and authorities.

As soon as Spring Security receives the user object, it will validate the user against the password entered by the user and other data, such as the status of the user account (accountNonExpired, credentialsNonExpired, etc.).

+13
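The flow this answer describes, as an added example that is not part of the original answer: the UserDetailsService only returns the stored record (here a BCrypt hash), and DaoAuthenticationProvider compares it with the submitted password. The class names, the in-memory store and the sample user are constructed for illustration; it assumes Spring Security 5 or 6 (core and crypto) on the classpath.

```java
import java.util.Map;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class StoredHashLoginDemo {

    // Constructed sample store: username -> BCrypt hash (stands in for a database table).
    static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();
    static final Map<String, String> STORE = Map.of("alice", ENCODER.encode("correct horse"));

    // The service never sees the submitted password; it only returns the stored record.
    static class StoreUserDetailsService implements UserDetailsService {
        @Override
        public UserDetails loadUserByUsername(String name) throws UsernameNotFoundException {
            String hash = STORE.get(name);
            if (hash == null) {
                throw new UsernameNotFoundException("no such user");
            }
            return new User(name, hash, AuthorityUtils.createAuthorityList("ROLE_USER"));
        }
    }

    // DaoAuthenticationProvider compares the submitted password with the stored hash.
    static boolean login(DaoAuthenticationProvider provider, String name, String password) {
        try {
            return provider.authenticate(
                    new UsernamePasswordAuthenticationToken(name, password)).isAuthenticated();
        } catch (BadCredentialsException e) {
            return false; // wrong password, or unknown user (hidden by default)
        }
    }

    public static void main(String[] args) {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(new StoreUserDetailsService());
        provider.setPasswordEncoder(ENCODER);
        System.out.println(login(provider, "alice", "correct horse"));
        System.out.println(login(provider, "alice", "wrong"));
        System.out.println(login(provider, "bob", "anything"));
    }
}
```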

I believe that UserDetailsService is supposed to be used to create a UserDetails object from some kind of back-end storage: a database, flat file, etc. Once you have the UserDetails, Spring Security (or you) must compare it with the username (or other principals) and password (credentials) provided by the user to authenticate this user.

I do not think that you use it the way it is intended.

+3

Some of the standard (off-the-shelf) mechanisms for extracting user information and providing authentication information:

  • inMemoryAuthentication
  • jdbcAuthentication
  • ldapAuthentication
  • UserDetailsService

If the above is not suitable for your purpose and you need to have your own solution, you can create and configure a new authentication provider as follows:

Security Configuration:

    @Configuration
    @EnableWebMvcSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        @Autowired
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(new CustomAuthenticationProvider());
        }

        // ....
    }

Authentication Provider:

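    import org.springframework.security.authentication.AuthenticationProvider;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.core.authority.AuthorityUtils;

    public class CustomAuthenticationProvider implements AuthenticationProvider {

        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            String name = authentication.getName();
            // You can get the password here
            String password = authentication.getCredentials().toString();

            // Your custom authentication logic here
            if (name.equals("admin") && password.equals("pwd")) {
                // The three-argument constructor marks the token as authenticated;
                // the two-argument one creates an unauthenticated token.
                Authentication auth = new UsernamePasswordAuthenticationToken(
                        name, password, AuthorityUtils.NO_AUTHORITIES);
                return auth;
            }
            return null;
        }

        @Override
        public boolean supports(Class<?> authentication) {
            return authentication.equals(UsernamePasswordAuthenticationToken.class);
        }
    }
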
+1

loadUserByUsername(String name) is the method defined on the interface (UserDetailsService, I think) that your service implements. You must write an implementation.

Just as you need to write an implementation for getPassword() or similar ... Spring does not provide this. I suppose the password is stored in your user object, but you wrote that ... did you create the getPassword() method?

0

XML injection:

    <authentication-manager alias="loginAuthenticationManager">
        <authentication-provider ref="loginAuthenticationProvider" />
    </authentication-manager>

    <!-- Bean implementing AuthenticationProvider of Spring Security -->
    <beans:bean id="loginAuthenticationProvider" class="com.config.LoginAuthenticationProvider">
    </beans:bean>

AuthenticationProvider:

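    import java.util.ArrayList;
    import java.util.List;

    import org.springframework.security.authentication.AuthenticationProvider;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;

    public class LoginAuthenticationProvider implements AuthenticationProvider {

        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            String name = authentication.getName();
            // You can get the password here
            String password = authentication.getCredentials().toString();

            // Your custom authentication logic here
            if (name.equals("admin") && password.equals("pwd")) {
                List<GrantedAuthority> grantedAuths = new ArrayList<>();
                grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
                return new UsernamePasswordAuthenticationToken(name, password, grantedAuths);
            }
            return null;
        }

        @Override
        public boolean supports(Class<?> authentication) {
            return authentication.equals(UsernamePasswordAuthenticationToken.class);
        }
    }
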
0
