In Spring Security 3.1 i am using form based authentication and want to put additional attributes in UserDetails object
https://stackoverflow.com/questions/9367089
-
28-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianFrage
I am new to Springs and not a advanced programmer of java.
I am creating a prototype where i am using Springs security. to keep it simple i am using JSP form based user authentication and have some dummy users in my applicationContext-security.xml
<security:http auto-config='true'>
<security:intercept-url pattern="/**" access="ROLE_USER" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="foo" password="foo" authorities="ROLE_USER, ROLE_ADMIN" />
<security:user name="bob" password="bob" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
The idea is that later this authentication method will be replaced by OpenId authentication.
Now what i need is once the user is authenticated, using the authenticated username i would like to retrieve additional details of the user from a database table and put it in Springs UserDetails object so that its available to me all the time
what i have researched so far is that i need to create my Custom UserDetailsService
my question is if i am using springs standard authentication method do i need to create a custom UserDetailsService ? I just want to store some additional details reading it from a database.
i have gone through many examples but none of them answers this particular issue. also since i am little new to these technologies. i get lost no how to tie the code snippets together. any help to point me to right direction would be great
thanks
Lösung
Yes. Generally you need a custom UserDetailsService which returns your extended UserDetails object with the additional properties you want. You'll find plenty of example configurations if you search SO, like this one, for example.
Strictly speaking, you don't have to use a UserDetailsService or implement UserDetails (you can implement AuthenticationProvider directly), but it's the easiest approach to being with and probably where you should start.
