Announcement Announcement Module
Collapse
No announcement yet.
Custom implementation of Spring Security's UserDetailsService Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Custom implementation of Spring Security's UserDetailsService

    Hi All,

    I am a newbie to spring security. I tried few example on spring security and now I want to do the custom implementation of UserDetailsService to get username and password from custom tables. But, since I am new to spring security I couldn't catch the exact steps to follow to implement it. I read the reference manual but no luck. So if anyone can help me with the required steps to follow with small example, it would be great. the main problem is I don't have the clear idea about what methods should implement in service class and repository to do this job

    Thanks in advance

    Regards,
    Rumesh

  • #2
    Spring uses a default scheme for database authorization (see below), therefore you have to map your scheme...

    For spring security try something like this (but modifiy the SQL statement concerning your needs):


    Add e.g. to web.xml
    Code:
    <context-param>
        <param-name>contextConfigLocation</param-name>
          <param-value>
            /WEB-INF/applicationContext*.xml
        </param-value>
       </context-param>
    
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>
      
      <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
    applicationContext-security.xml
    Code:
    ?xml version="1.0" encoding="UTF-8"?>
    
    <beans:beans xmlns="http://www.springframework.org/schema/security"
       xmlns:beans="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans 
                   http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                   http://www.springframework.org/schema/security
                   http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
                   
      <http auto-config="true" access-denied-page="/error403.html">
        <intercept-url pattern="/login.html*" filters="none"/>
        <form-login login-page='/login.html' authentication-failure-url="/login.html?login_error=1" default-target-url="/index.jsp" />
      </http>
        
      <authentication-provider user-service-ref="userService" />
      
      <jdbc-user-service id="userService" data-source-ref="securityDataSource"
        users-by-username-query="SELECT Login AS 'username', Password AS 'password', Enabled AS 'enabled' FROM User WHERE Login = ?" 
        authorities-by-username-query="SELECT u.Login as 'username', ua.Authority as 'authority' FROM Authority ua, User u WHERE ua.id = u.authority_id AND u.Login = ?"
      />
      
      <beans:bean id="securityDataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <beans:property name="driverClassName" value="${db.driverClass}" />
        <beans:property name="url" value="${db.jdbcUrl}" />
        <beans:property name="username" value="${db.user}" />
        <beans:property name="password" value="${db.password}" />
      </beans:bean>
    </beans:beans>
    maybe you also need to change the jdbc implementation concerning your database requirements.


    The libs you need are:
    Code:
    spring-security-acl-2.0.3.jar
    spring-security-core-2.0.3.jar
    spring-security-core-tiger-2.0.3.jar
    spring-security-taglibs-2.0.3.jar
    Spring itself uses by default this scheme:
    Code:
    CREATE TABLE users (
       username VARCHAR(50) NOT NULL PRIMARY KEY,
       password VARCHAR(50) NOT NULL,
       enabled BIT NOT NULL
    );
    
    CREATE TABLE authorities (
       username VARCHAR(50) NOT NULL,
       authority VARCHAR(50) NOT NULL
    );
    you have to map your own implementation to it.

    A different way might be, instead of using the userService, to create a view which matches the correct scheme.

    :-)
    Last edited by nOiDStaRr; Sep 9th, 2008, 03:32 AM.

    Comment


    • #3
      Thanks Buddy....

      Thank you very much nOiDStaRr. It works perfectly.

      Thanks again.

      regards,
      Rumesh

      Comment


      • #4
        how to keep the username in a session

        Hi All,

        I want to keep the username in session variable. Anyone know how to do it.
        please help me to solve the problem

        thanks in advance.

        regards,
        rumesh

        Comment


        • #5
          Suggestion

          The username is already stored in the session through the Spring UserDetails object. You only need to retrieve the value.

          Using the spring security tag library, you could do this:

          Code:
          <%@ taglib uri="http://www.springframework.org/security/tags" prefix="security" %> 
          <%-- be sure that your project's lib directory has spring-security-taglibs.jar --%>
          <html>
          <security:authentication property="principal.username" />
          </html>
          To retrieve it from the session through JSP you could use:

          Code:
          <%@ page import="org.springframework.security.context.SecurityContextHolder" %>
          <%@ page import="org.springframework.security.Authentication" %>
          <%
          		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
          		if (auth != null) %>
          			Username: <%= (auth.getPrincipal()).getUsername() %>
          Last edited by DavidZ; Sep 9th, 2008, 09:53 AM. Reason: Added Code Tag

          Comment


          • #6
            Its Working......

            Thanks DavidZ. that is exactly what I want.

            Regards,
            Rumesh

            Comment


            • #7
              Can we store other user information in session?

              I was wondering whether it would be possible to save information like Full name, Country,etc with the username when the user logged in. How can we do it? Any help would be greatly appreciated. Thanks in advance.

              Comment


              • #8
                How Can I change te UserDetails

                Hi my problem is that.
                I need know the expiration date of user password and if the password is expired then te system redirect to a change password page but is nonExpired then the system goto the main page.

                Im reading about the UserDetails Inteface and this have an unimplemeted methods : getAuthorities(). getPassword(), getUserName(),isAccountNonExpired(),isAccountNonLo cked(),isCredentialsNonExpired() and isEnabled()
                I need call this class in the applicationContext-security.xml and use a isAccountNonExpired method to know if the password has been expired.

                the password expiration date is definned in the database

                thanks

                Comment


                • #9
                  I need use Group Authorities with your example, do you hace any example with Group Authorities?

                  thank you

                  Comment

                  Working...
                  X