How to create Custom UserDetail Object in Spring Security

春和景丽 2020-12-16 21:06

I have built my custom Authentication Manager for Spring Security which goes something like this

   public class AccountAuthenticationProvider implements  Aut         


        
3 Answers
  • 2020-12-16 21:43

    You need to implement UserDetailsService and override the loadUserByUsername method to return your customized UserDetails class.

    Check the links below:

    http://www.javaroots.com/2013/03/how-to-use-custom-dao-classe-in-spring.html
    http://www.javacodegeeks.com/2012/08/spring-security-implementing-custom.html

  • 2020-12-16 21:56

    You almost had it!

    if (authService.isValid(userName, password)) {
        List<GrantedAuthority> grantedAuthorityList = new ArrayList<GrantedAuthority>();
        grantedAuthorityList.add(new SimpleGrantedAuthority("ROLE_USER"));
        // The custom object becomes the principal of the authenticated token.
        MyObject myObj = new MyObject(userName, password, otherInfo);
        return new UsernamePasswordAuthenticationToken(myObj, "", grantedAuthorityList);
    }
    

    The first argument to UsernamePasswordAuthenticationToken is the principal. The principal is the object in the system that represents the person (or thing) that just logged in.

    Before authentication the principal is just the (String) username because that's all the information you have at that point. After logging in you may collect other information to go with the user.

    Spring offers interfaces: User, UserDetails and UserDetailsService to help manage users and do Springy stuff with users, so if you make MyObject implement UserDetails then you can get a few extra benefits from the Spring environment, but it is not necessary; you can stick with just your MyObject.

    In your controllers (in Spring 4) you can use the @AuthenticationPrincipal to inject the user object into the calls, e.g.:

    @RequestMapping(method = RequestMethod.GET, value = "/foo/{bar}")
    public SomeObject myCommand(@AuthenticationPrincipal MyObject user, @PathVariable String bar);
    
  • 2020-12-16 21:58

    You need to implement UserDetailsService and override the loadUserByUsername method to return your customized UserDetails class. Like this:

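    import java.util.ArrayList;
    import java.util.HashSet;
    import java.util.List;
    import java.util.Set;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;

    // Users, UserRole and UserDaoImpl are the application's own classes.
    public class UserServiceImpl implements UserDetailsService {

        @Autowired
        UserDaoImpl userDao;

        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            System.out.println(username);
            Users user = (Users) userDao.findByUserName(username);
            if (user == null) {
                // loadUserByUsername must never return null; signal an unknown user instead.
                throw new UsernameNotFoundException("User not found");
            }
            List<GrantedAuthority> authorities = buildUserAuthority(user.getUserRoles());
            System.out.println("after....");
            return buildUserForAuthentication(user, authorities);
        }

        // Collect the roles into a set first so duplicate roles are dropped.
        private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) {
            Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();
            for (UserRole userRole : userRoles) {
                System.out.println("called buildUserAuthority(Set<UserRole> userRoles) method.....");
                setAuths.add(new SimpleGrantedAuthority(userRole.getRole()));
            }

            List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>(setAuths);
            return grantedAuthorities;
        }

        private User buildUserForAuthentication(Users user, List<GrantedAuthority> authorities) {
            // The three "true" arguments are accountNonExpired, credentialsNonExpired and accountNonLocked.
            System.out.println("called buildUserForAuthentication(Users user, List<GrantedAuthority> authorities) method....");
            return new User(user.getUsername(), user.getPassword(), user.getEnabled(), true, true, true, authorities);
        }
    }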
    
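Combining the approaches in the answers above, as an added example that is not code from any of the posters: a custom principal that extends Spring's `User` (and is therefore a `UserDetails`) and is returned by the provider without ever holding the submitted password. `AccountUser`, its `displayName` field and the `AuthService` interface are assumptions standing in for the asker's own types.

```java
import java.util.Collection;
import java.util.List;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;

// Custom principal: Spring's User already implements UserDetails; this adds profile data.
class AccountUser extends User {
    private final String displayName; // hypothetical extra field
    AccountUser(String username, String displayName,
                Collection<? extends GrantedAuthority> authorities) {
        super(username, "", authorities); // empty password: the secret is never stored here
        this.displayName = displayName;
    }
    String getDisplayName() { return displayName; }
}

// Hypothetical stand-in for the authService used in the answer above.
interface AuthService {
    boolean isValid(String username, String password);
    String displayNameOf(String username);
}

class AccountAuthenticationProvider implements AuthenticationProvider {
    private final AuthService authService;
    AccountAuthenticationProvider(AuthService authService) { this.authService = authService; }
    @Override
    public Authentication authenticate(Authentication authentication) {
        String username = authentication.getName();
        Object credentials = authentication.getCredentials();
        if (credentials == null || !authService.isValid(username, credentials.toString())) {
            throw new BadCredentialsException("Bad credentials"); // same error for every failure
        }
        List<GrantedAuthority> authorities = List.of(new SimpleGrantedAuthority("ROLE_USER"));
        AccountUser principal =
                new AccountUser(username, authService.displayNameOf(username), authorities);
        // The three-argument constructor yields an authenticated token; credentials stay null.
        return new UsernamePasswordAuthenticationToken(principal, null, authorities);
    }
    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```

A controller can then receive the object with `@AuthenticationPrincipal AccountUser user`, and nothing stored in the security context or session carries the password.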