Announcement Announcement Module
Collapse
No announcement yet.
About UserDetailsService Query database doubt Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • About UserDetailsService Query database doubt

    org.springframework.security.core.userdetails.User DetailsService.loadUserByUsername

    Need to query the database when the log to generate UserDetails
    There is only one parameter username
    If the wrong username password correctly, then in order to generate UserDetails also to query about the database.
    This query is redundant, I do not understand why this design.
    UserDetails generated after authentication password is not better?

  • #2
    And how would you check the password? You still need to do a query, next to that you might want to use the (faulty or null) UserDetails to do some audit logging. If you do not have this that would be impossible. If the username is wrong there would be no UserDetails and there would be nothing to check... Still you would need to execute a query anyway.

    Comment


    • #3
      Authorities need to query to create UserDetails
      Collection<GrantedAuthority> also need to obtain a series of queries

      1. method : loadUserByUsername
      In this method, I can not get the input password
      why not provide the password parameter?

      2.
      If input the password is wrong, but input the username is correct ;(how to return empty authorities?)


      (my English grammar is poor, sorry)

      Comment


      • #4
        Originally posted by relucent View Post
        1. method : loadUserByUsername
        In this method, I can not get the input password
        why not provide the password parameter?
        Please check this FAQ.

        Comment


        • #5
          How to get Password/credentials

          If you really need Password you can extend AbstractUserDetailsAuthenticationProvider and implement retrieveUser method.

          Code:
          @Override
           protected UserDetails retrieveUser(String username,
                          UsernamePasswordAuthenticationToken authentication)
                          throws AuthenticationException {
          
                String password = authentication.getCredentials().toString();	  
           }

          Comment

          Working...
          X