Spring Security 3 database authentication with Hibernate

by

You have to make your own custom authentication-provider.

Example code:

Service to load Users from Hibernate:

import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;    

@Service("userDetailsService") 
public class UserDetailsServiceImpl implements UserDetailsService {

  @Autowired private UserDao dao;
  @Autowired private Assembler assembler;

  @Transactional(readOnly = true)
  public UserDetails loadUserByUsername(String username)
      throws UsernameNotFoundException, DataAccessException {

    UserDetails userDetails = null;
    UserEntity userEntity = dao.findByName(username);
    if (userEntity == null)
      throw new UsernameNotFoundException("user not found");

    return assembler.buildUserFromUserEntity(userEntity);
  }
}

Service to convert your entity to a spring user object:

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User;

@Service("assembler")
public class Assembler {

  @Transactional(readOnly = true)
  User buildUserFromUserEntity(UserEntity userEntity) {

    String username = userEntity.getName();
    String password = userEntity.getPassword();
    boolean enabled = userEntity.isActive();
    boolean accountNonExpired = userEntity.isActive();
    boolean credentialsNonExpired = userEntity.isActive();
    boolean accountNonLocked = userEntity.isActive();

    Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    for (SecurityRoleEntity role : userEntity.getRoles()) {
      authorities.add(new GrantedAuthorityImpl(role.getRoleName()));
    }

    User user = new User(username, password, enabled,
      accountNonExpired, credentialsNonExpired, accountNonLocked, authorities, id);
    return user;
  }
}

The namespace-based application-context-security.xml would look something like:

<http>
  <intercept-url pattern="/login.do*" filters="none"/>
  <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
  <form-login login-page="/login.do"
              authentication-failure-url="/login.do?error=failed"
              login-processing-url="/login-please.do" />
  <logout logout-url="/logoff-please.do"
          logout-success-url="/logoff.html" />
</http>

<beans:bean id="daoAuthenticationProvider"
 class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
  <beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>

<beans:bean id="authenticationManager"
    class="org.springframework.security.authentication.ProviderManager">
  <beans:property name="providers">
    <beans:list>
      <beans:ref local="daoAuthenticationProvider" />
    </beans:list>
  </beans:property>
</beans:bean>

<authentication-manager>
  <authentication-provider user-service-ref="userDetailsService">
    <password-encoder hash="md5"/>
  </authentication-provider>
</authentication-manager>

More Related Contents:

  1. How to handle authentication/authorization with users in a database?
  2. Spring Security:password encoding in DB and in applicationContext
  3. How can I solve Postgresql SCRAM authentication problem?
  4. How to login and authenticate to Postgresql after a fresh install?
  5. Normalization in database management system
  6. How to perform compound queries with logical OR in Cloud Firestore?
  7. Database development mistakes made by application developers [closed]
  8. Copying PostgreSQL database to another server
  9. Surrogate vs. natural/business keys [closed]
  10. Do you use source control for your database items? [closed]
  11. What is NoSQL, how does it work, and what benefits does it provide? [closed]
  12. proper hibernate annotation for byte[]
  13. database vs. flat files
  14. Why do I need Transaction in Hibernate for read-only operations?
  15. What is the easiest way to ignore a JPA field during persistence?
  16. How Spring Security Filter Chain works
  17. How can I avoid SQL injection attacks?
  18. Why should I use document based database instead of relational database?
  19. Good Free Alternative To MS Access [closed]
  20. SQLite insert speed slows as number of records increases due to an index
  21. wikidata get all properties with labels and values of an item
  22. Are Cloud Firestore queries still case sensitive?
  23. How should you build your database from source control?
  24. Strange behavior in PowerShell function returning DataSet/DataTable
  25. Populating Spinner From SQLite Database Android
  26. HQL joined query to eager fetch a large number of relationships
  27. Does anyone know of a good library for mapping a person’s name to his or her gender? [closed]
  28. Minimum GRANTs needed by mysqldump for dumping a full schema? (TRIGGERs are missing!!)
  29. “Cannot drop database because it is currently in use”. How to fix?
  30. Is writing server log files to a database a good idea?

Leave a Comment