This topic is closed

  • Spring Security with Hibernate. Some questions to get me orientated


    I've read most of the documentation and browsed the JavaDocs quite a bit, as well as done some Googling. I would still like some pointers on what I need to do.

    I have created my own PasswordEncoder which I've tried with the in-memory UserDetailsService and had some users in the XML, it worked nicely!

    I'm using Hibernate and would like to use it to persist my users.

    This is what I think I need to do:
    1. I implement the UserDetails interface in my User class. I will have additional information not needed for UserDetails stored in User, like e-mail address and other User data.
    2. I use DaoAuthenticationProvider and create a class MyHibernateUserService which implements the UserDetailsService interface. I set DaoAuthenticationProvider to use MyHibernateUserService. In MyHibernateUserService I load users from the database when loadUserByUsername(...) is called. I also make DaoAuthenticationProvider use my custom PasswordEncoder implementation.
    Did I miss anything or do you have any additional comments on the above?

    I also have some questions for things I'm puzzled on how to do:
    • The JavaDoc says that concrete implementations of the UserDetails interface should be immutable. But if I choose to store e-mail etc. in the user, those will sometimes change. How will these changes be handled?
    • When a new user is created, how should that be handled?
    • When a user changes his/her password, how is that handled?

    Best regards,
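
The setup described in the post, as an added example that is not code from the original poster or from the Spring Security project: a Hibernate-backed `UserDetailsService` that copies each lookup into Spring Security's immutable `User`, so the mutable entity never sits in the security context. It assumes Hibernate 5.2+ and Spring Security 3.1+; the `Account` entity, its fields and the `ROLE_USER` authority are hypothetical, and unlike the plan in the post the entity does not implement `UserDetails` itself.

```java
import java.util.List;
import org.hibernate.SessionFactory;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.transaction.annotation.Transactional;

// Hypothetical Hibernate-mapped entity (mapping metadata omitted); mutable on purpose.
class Account {
    private Long id;
    private String username;
    private String passwordHash;   // output of the PasswordEncoder, never the raw password
    private String email;          // profile data that changes without touching authentication
    private boolean enabled = true;

    String getUsername() { return username; }
    String getPasswordHash() { return passwordHash; }
    boolean isEnabled() { return enabled; }
    void setEmail(String email) { this.email = email; }
    void setPasswordHash(String passwordHash) { this.passwordHash = passwordHash; }
}

public class MyHibernateUserService implements UserDetailsService {
    private final SessionFactory sessionFactory;

    public MyHibernateUserService(SessionFactory sessionFactory) {
        this.sessionFactory = sessionFactory;
    }

    @Override
    @Transactional(readOnly = true)
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Named parameter binding keeps the username out of the HQL string.
        Account account = sessionFactory.getCurrentSession()
                .createQuery("from Account a where a.username = :name", Account.class)
                .setParameter("name", username)
                .uniqueResult();
        if (account == null) {
            throw new UsernameNotFoundException("No account for the supplied username");
        }
        // Copy into Spring Security's immutable User so the principal held in the
        // SecurityContext is a snapshot, detached from the mutable entity.
        return new User(account.getUsername(), account.getPasswordHash(),
                account.isEnabled(), true, true, true,
                List.of(new SimpleGrantedAuthority("ROLE_USER"))); // constructed role
    }
}
```

The service is handed to `DaoAuthenticationProvider` through `setUserDetailsService(...)`, with the custom encoder set through `setPasswordEncoder(...)`. Under this design, creating a user or changing a password is an ordinary Hibernate write to `Account` that stores the encoder's output, and the next authentication reads the new values.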