Announcement Announcement Module
Collapse
No announcement yet.
Spring Security- DB authentication Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security- DB authentication

    Hi,
    I am going thru Spring Security examples and not finding concrete example for database based authentication. If we go with our existing user profile table, i know we have to add the new query in jdbc tag. But what is the purpose of UserDetailService class. Do we have to implements it?? Not finding any end to end example for this.

    Any help would be nice.

    Thanks

  • #2
    Refer to the contacts sample application to see database authentication in action. A summary of the configuration is below:

    Code:
    <authentication-manager>
      <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource" 
          authorities-by-username-query="select username,authority from authorities where username = ?" 
          users-by-username-query="select username,password,enabled from users where username = ?"/>
      </authentication-provider>
    </authentication-manager>
    Last edited by Rob Winch; Dec 20th, 2010, 12:00 PM. Reason: improve readability

    Comment


    • #3
      I dont see the below snippet you have in contacts sample sources or war file 3.0.3 release.

      My question is how does UserDetaiLService comes in play. Do I have to write some code after implementing it or is it automatically take care. We are not using spring security login page. We have user login from cgi screen. Than when they click on A- it will take them to java page. Where if user has Admin access they can view everything, else on few things.

      So we are using spring security jsp tag to do that. I have username and password from cgi side. So I need to call spring security tables with this user name and password, get the authority and use jsp tag to display or not.

      How can I do that. I am not finding much on this.
      Thanks

      Comment


      • #4
        Originally posted by sam101 View Post
        I dont see the below snippet you have in contacts sample sources or war file 3.0.3 release.
        You won't find the exact snippet as it uses the default values for the two queries I explicitly posted (in hopes of helping you). You can find the sample in samples/contacts/src/main/resources/applicationContext-security.xml

        Originally posted by sam101 View Post
        My question is how does UserDetaiLService comes in play. Do I have to write some code after implementing it or is it automatically take care.
        The xml configuration will use an existing classes (JdbcDaoImpl, DaoAuthenticationProvider, ProviderManager) to perform authentication. This means if you can find a username,password,enabled given a username with an sql statement and you can find the roles for the user given an sql statement you shouldn't need to write any code. If you need additional attributes you will need to implement the UserDetailsService yourself.

        Originally posted by sam101 View Post
        We are not using spring security login page. We have user login from cgi screen.
        I'm not sure what you mean by cgi as it has a few meanings. I assume you mean Computer Generated Interface (i.e. a rich client) and not Common Gateway Interface. Can you elaborate on this?

        Originally posted by sam101 View Post
        Than when they click on A- it will take them to java page. Where if user has Admin access they can view everything, else on few things.
        What do you mean by java page? Is this a jsp?

        Comment


        • #5
          CGI- Its a Perl app. So we login from their. Than call another java app. So we need to save that perl user name and password pass it in java app via url parameters. Than in java use request to get them Than pass in spring security tables to get authority.

          Where do I pass this variable values and how? Do I need to have custom userdetailservice for this??

          I hope you are getting my problem..
          Thanks

          Comment


          • #6
            I think your last response has made what you are doing a little more clear. It appears you are wanting to authenticate to a java service using a username/password passed into a perl application.

            Originally posted by sam101 View Post
            Where do I pass this variable values and how?
            This is up to you. A common approach would be to use basic authentication over https.

            Originally posted by sam101 View Post
            Do I need to have custom userdetailservice for this??
            My previous response still applies...
            Originally posted by rwinch View Post
            The xml configuration will use an existing classes (JdbcDaoImpl, DaoAuthenticationProvider, ProviderManager) to perform authentication. This means if you can find a username,password,enabled given a username with an sql statement and you can find the roles for the user given an sql statement you shouldn't need to write any code. If you need additional attributes you will need to implement the UserDetailsService yourself.

            Comment

            Working...
            X