Best IT Recipes

How to configure Spring Security 2 database authentication with Hibernate 3 Annotated Classes?

I am building an application using Hibernate 3 (with JPA Annotations), Spring 2.5 and Spring Security 2.0.5.

I want to know what I need to put in my <authentication-provider> in my Spring security configuration file (applicationContext-security.xml) so that I can get Spring Security to use my existing service level class (AuthenticationService), which deals with my user domain and user objects.

I understand that Spring Security requires two tables with the following schema:

  create table users( username varchar_ignorecase(50) not null primary key, password varchar_ignorecase(50) not null, enabled boolean not null); create table authorities ( username varchar_ignorecase(50) not null, authority varchar_ignorecase(50) not null, constraint fk_authorities_users foreign key(username) references users(username)); create unique index ix_auth_username on authorities (username,authority);;

but I want to use my own domain objects that are different from the above table definitions.

Can someone point me in the right direction? I cannot find useful documentation, and I am not sure if what I want to do is really possible.

Thank!

+3
spring spring-security jpa
Feb 23 '10 at 13:34
source share
3 answers

You can implement a custom UserDetailsService as a bridge between your domain and Spring Security. Then you provide Spring Security with it as follows (for Spring Security 2.x):

 <security:authentication-provider user-service-ref='myUserDetailsService'/> <bean id="myUserDetailsService" class="... your implementation ..."> ... </bean>
+8
Feb 23 '10 at 15:38
source share

Define your own AutenticationManager with <bean id="myAuthenticationManager" class="com.security.MyAuthunticationManager"/> , and the MyAutenticationManager class must implement org.springframework.security.AuthenticationManager and override the authenticate(Authentication authentication) method in which you will Use your custom service and domain objects to verify user credentials and add their roles to the authentication object.

+1
Feb 23 2018-10-23
source share

Do what axtavt said, or if you don't need anything more than getting into the user table, you can override the query:

 <security:authentication-provider> <jdbc-user-service data-source-ref="dataSource" authorities-by-username-query="SELECT u.username, a.authority FROM users u, authorities a WHERE u.username = a.username AND u.username = ?" /> users-by-username-query="SELECT username, password, enabled FROM users WHERE username = ?" /> </security:authentication-provider>

I would do what axtavt suggested. You can create a DTO (data transfer object) that implements the Spring Security User object. This will allow you to access the relevant data when retrieving a user from SecurityContextHolder:

 Object o = SecurityContextHolder.getContext().getAuthentication().getDetails(); UserDetailsDTO u = (UserDetailsDTO) o; User user = u.getUser(); // now you have primary key, etc., etc.

You really don't need it right now looking at your tables, but IMO, your circuit needs a job.

+1
Feb 25 2018-10-25T00
source share


More articles:


All Articles