
These days I have run into a problem that I cannot figure out, so please help me...

My entity: Utilisateur (this is a French word that means user)

    import java.io.Serializable;

    import javax.persistence.CascadeType;
    import javax.persistence.Entity;
    import javax.persistence.GeneratedValue;
    import javax.persistence.GenerationType;
    import javax.persistence.Id;
    import javax.persistence.Inheritance;
    import javax.persistence.InheritanceType;
    import javax.persistence.OneToOne;

    @Entity
    @Inheritance(strategy = InheritanceType.JOINED)
    public class Utilisateur implements Serializable {
        private static final long serialVersionUID = 1L;

        // Primary key, generated by the database
        @Id
        @GeneratedValue(strategy = GenerationType.IDENTITY)
        protected int id;
        protected String login;
        protected String password;
        protected String nom;
        protected String prenom;
        protected String email;
        protected String username;

        @OneToOne(mappedBy="user", cascade={CascadeType.ALL})
        private Role role;

        public int getId() {
            return id;
        }

        public void setId(int id) {
            this.id = id;
        }

        // Note: returns the login, not the username field
        public String getUsername() {
            return login;
        }

        public void setUsername(String username) {
            this.username = username;
        }

        public String getLogin() {
            return login;
        }

        public void setLogin(String login) {
            this.login = login;
        }

        public String getPassword() {
            return password;
        }

        public void setPassword(String password) {
            this.password = password;
        }

        public String getNom() {
            return nom;
        }

        public void setNom(String nom) {
            this.nom = nom;
        }

        public String getPrenom() {
            return prenom;
        }

        public void setPrenom(String prenom) {
            this.prenom = prenom;
        }

        public String getEmail() {
            return email;
        }

        public void setEmail(String email) {
            this.email = email;
        }

        public Role getRole() {
            return role;
        }

        public void setRole(Role role) {
            this.role = role;
        }
    }

and a Role entity.

In my web app, there is a controller to show, for example, the information about a student (Etudiant in French):

    @EJB(mappedName = "Etudiant.EtudiantFacade")
    EtudiantFacade etudiantF;

    // Shows the details of a student
    @RequestMapping(value = "/Etudiant/{idEtudiant}/info")
    public ModelAndView detail(@PathVariable String idEtudiant, Model m) {
        return new ModelAndView("EtudiantInformation", "null", null);
    }

I implemented my own CustomUserDetailsService using the entity Utilisateur directly.

    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {
        boolean enabled = true;
        boolean accountNonExpired = true;
        boolean credentialsNonExpired = true;
        boolean accountNonLocked = true;

        Utilisateur etudiant = etudiantF.trouverParLogin(username);
        // UserDetailsService must not return null or fail with a NullPointerException
        if (etudiant == null) {
            throw new UsernameNotFoundException("No user with this login");
        }

        return new User(etudiant.getLogin(), etudiant.getPassword(), enabled,
                accountNonExpired, credentialsNonExpired, accountNonLocked,
                getAuthorities(etudiant.getRole().getRole()));
    }


and my security.xml is below:

    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/app/Login" access="permitAll"/>
        <intercept-url pattern="/app/*" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')"/>
        <form-login login-page="/app/Login"/>
        <logout logout-url="/app/Logout" logout-success-url="/"/>
    </http>

    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="customUserDetailsService"/>
    </authentication-manager>

Finally, my question is: for a student whose id is 1 and whose username is stu1, I want this student to be able to access only his own information page, /ProjetName/Student/{studentId}/Info. How do I write the code with @PreAuthorize? I have seen the documentation from Spring; there is an example like @PreAuthorize( = principal.username), because there is an attribute username in principal. But here, what I need is the id: I use @RequestMapping(value = "/Etudiant/{idEtudiant}/info") to match the student, not the username. So how can I solve it? Many thanks... I cannot find a tutorial.

You can provide your own implementation for User class (just extend Add an identifier field to it. Then set corresponding value in loadUserByUsername method:

    public UserDetails loadUserByUsername(String username) {
        // ... look up etudiant and set the account flags as in the question ...
        return new CustomUser(etudiant.getId(), etudiant.getLogin(), etudiant.getPassword(),
                enabled, accountNonExpired, credentialsNonExpired, accountNonLocked,
                getAuthorities(etudiant.getRole().getRole()));
    }


Then you will be able to use it:

@PreAuthorize( =
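
The answer's approach written out, as an added example that is not code from the original posts. `CustomUser` is named in the answer, but its body, the `id` property, the `EtudiantController` class name and the `#idEtudiant == principal.id` expression are assumptions.

```java
import java.util.Collection;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;

// Both classes are shown in one file; normally each is a public class in its own file.

// Principal that carries the database id next to the standard UserDetails fields.
class CustomUser extends User {
    private static final long serialVersionUID = 1L;
    private final int id;

    CustomUser(int id, String username, String password, boolean enabled,
               boolean accountNonExpired, boolean credentialsNonExpired,
               boolean accountNonLocked,
               Collection<? extends GrantedAuthority> authorities) {
        super(username, password, enabled, accountNonExpired,
              credentialsNonExpired, accountNonLocked, authorities);
        this.id = id;
    }

    // Exposed to SpEL as principal.id
    public int getId() {
        return id;
    }
}

@Controller
class EtudiantController {
    // The path variable is declared as int so that SpEL compares two numbers:
    // the String "1" is never == to the Integer 1, so a String parameter
    // would deny every request, including the owner's.
    // #idEtudiant is resolved by parameter name, which requires the names to be
    // compiled into the class (javac -g or -parameters).
    @PreAuthorize("#idEtudiant == principal.id")
    @RequestMapping(value = "/Etudiant/{idEtudiant}/info")
    public ModelAndView detail(@PathVariable("idEtudiant") int idEtudiant) {
        return new ModelAndView("EtudiantInformation");
    }
}
```

`@PreAuthorize` only takes effect when method security is enabled, for example with `<global-method-security pre-post-annotations="enabled"/>` in the application context that defines the controller.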
