Announcement Announcement Module
No announcement yet.
Spring Security - Custom UserDetailsService Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security - Custom UserDetailsService


    I’m new to Spring Security, but I've been playing around with the latest Spring BlazeDS Integration Project and seem to have things working (Login/Logout).

    However instead of retrieving my user details from an xml file (like the example in the testdrive), I wanted to get them from a db.

    I achieved this by creating a custom UserDetailsService and extendeding, which should allow me to return my own User Object with extra parameters (e.g. firstname, lastname).

    In my client side application (on successful login) an Object with two parameters is returned:
    – authorities (Array)
    – name (String - which is the username)

    I'm expecting more properties. Below is a snippet of my custom UserDetailsService:
    public MyUser loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
    String sql = “select * from user where emailAddress like :username”;
    MapSqlParameterSource source = new MapSqlParameterSource();
    source.addValue(”username”, username);
    SimpleJdbcTemplate sjt = new SimpleJdbcTemplate(getDataSource());
    MyUser user = sjt.queryForObject(sql, RowMapperUtil.getUserRowMapper(), source);
    return user;
    I’m a bit lost here! I'm returning an Object of type MyUser and mapping all the fields correctly, so not sure where I'm going wrong.

    Your help is greatly appreciated,
    Last edited by flashbuilder; Sep 15th, 2009, 11:53 AM.

  • #2
    I believe the Spring Security interfaces will eventually want such an object (it's been a while since I've worked with Spring Security). Essentially, for authentication what it will want is users and their authorities (= roles). Security doesn't care about much more than that.

    Spring Security doesn't take responsibility for doing basic CRUD/data access tasks, so you shouldn't try to use it to populate a User object. It just wants to make sure that users can be authenticated, and when they do, that their roles (= authorities) are retrieved and stored in the security context.

    If you want to get a fully populated user object, I think you'll have to do that yourself. A good time to do this is when authentication was successful. Make sure you keep the security reference guide around, it's pretty good.


    • #3
      Thanks! I kinda of figured I'd have to do something different after wasting hours trying to solve this problem!