All geek questions in one place

How to create a custom UserDetail object in Spring Security

I created my own Authenticaton Manager for Spring Security, which looks something like this:

public class AccountAuthenticationProvider implements AuthenticationProvider{ @Autowired private AuthenticationService authService; @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { String userName = authentication.getName(); String password = (String)authentication.getCredentials(); if(authService.isValid(userName,password)){ List<GrantedAuthority> grantedAuthorityList = new ArrayList<GrantedAuthority>(); grantedAuthorityList.add(new SimpleGrantedAuthority("ROLE_USER")); SecurityContext securityContext = new SecurityContextImpl(); return new UsernamePasswordAuthenticationToken(userName,password); } return null; } public void setAuthService(AuthenticationService authService) { this.authService = authService; } @Override public boolean supports(Class<?> authentication) { return true; } }

but how to create your own custom UserDetail object? I will use this to store account related values

+6
source share
3 answers

you need to implement UserDetailsService and override the loadUserByUsername method to return your custom UserDetails class.

Check out the links below:

http://www.javaroots.com/2013/03/how-to-use-custom-dao-classe-in-spring.html http://www.javacodegeeks.com/2012/08/spring-security-implementing -custom.html

+5
source

you need to implement UserDetailsService and override the loadUserByUsername method to return your custom UserDetails class. Like this -

 public class UserServiceImpl implements UserDetailsService {` @Autowired UserDaoImpl userDao; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { System.out.println(username); Users user = (Users) userDao.findByUserName(username); List<GrantedAuthority> authorities = buildUserAuthority(user.getUserRoles()); System.out.println("after...."); return buildUserForAuthentication(user, authorities); } private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) { Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>(); for(UserRole userRole : userRoles){ System.out.println("called buildUserAuthority(Set<UserRole> userRoles) method....."); setAuths.add(new SimpleGrantedAuthority(userRole.getRole())); } List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>(setAuths); return grantedAuthorities; } private User buildUserForAuthentication(Users user, List<GrantedAuthority> authorities) { //accountNonExpired, credentialsNonExpired, accountNonLocked, authorities properties System.out.println("called buildUserForAuthentication(Users user, List<GrantedAuthority> authorities) method...."); return new User(user.getUsername(), user.getPassword(), user.getEnabled(), true, true, true, authorities); }}
+3
source

You had almost everything!

 if(authService.isValid(userName,password)) { List<GrantedAuthority> grantedAuthorityList = new ArrayList<GrantedAuthority>(); grantedAuthorityList.add(new SimpleGrantedAuthority("ROLE_USER")); MyObject myObj = new MyObject(userName, password, otherInfo); return new UsernamePasswordAuthenticationToken(mjObj,"", grantedAuthorityList); }

The first argument to UsernamePasswordAuthenticationToken is the principle. A principle is an object in a system that represents a person (or thing) who has just entered the system.

Prior to authentication, the principle is simply a name (String), because all the information that you have at that moment. After logging in, you can collect other information to go with the user.

Spring offers interfaces: User , UserDetails and UserDetailsService to help manage users and do things with users with Springy, so if you make MyObject implement UserDetails , you can get some additional benefits from the Spring environment, but not necessarily, you can only use MyObject

In your controllers (in Spring 4), you can use @AuthenticationPrincipal to enter a custom object in calls, for example:

 @RequestMapping(method = RequestMethod.GET, value = "/foo/{bar}") public SomeObject myCommand(@AuthenticationPrincipal MyObject user, @PathVariable String bar);
+2
source

Source: https://habr.com/ru/post/976928/

More articles:


All Articles