Mar 25th, 2009, 06:59 PM
Spring Security with Hibernate. Some questions to get me orientated
I've read most of the documentation and browsed the JavaDocs quite a bit, as well as done some Googling. I still would like some pointers on what I need to do.
I have created my own PasswordEncoder which I've tried with the in-memory UserDetailsService and had some users in the XML, it worked nicely!
I'm using Hibernate and would like to use it to persist my users.
This is what I think I need to do:
- I implement the UserDetails interface in my User class. I will have additional information not needed for UserDetails stored in User, like e-mail address and other User data.
- I use DaoAuthenticationProvider and create a class MyHibernateUserService which implements the UserDetailsService interface. I set DaoAuthenticationProvider to use MyHibernateUserService. In MyHibernateUserService I load users from the database when loadUserByUsername(...) is called. I also make DaoAuthenticationProvider use my custom PasswordEncoder implementation.
Did I miss anything or do you have any additional comments on the above?
I also have some questions for things I'm puzzled on how to do:
- The JavaDoc says that concrete implementations of the UserDetails interface should be immutable. But if I choose to store e-mail etc. in the user, those will sometimes change. How will these changes be handled?
- When a new user is created, how should that be handled?
- When a user changes his/her password, how is that handled?
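A sketch of the setup described in the post, added here as an example and not code from the thread. It assumes Spring Security 5.x package names and a Hibernate `SessionFactory` with a current-session context; the `Account` entity, its mapping and the `ROLE_USER` authority are hypothetical. Unlike the plan in the post, it returns Spring's immutable `User` as a snapshot of the login fields, so mutable data such as e-mail stays on the entity.

```java
import java.util.Collections;
import org.hibernate.SessionFactory;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.transaction.annotation.Transactional;

/** Hypothetical Hibernate-mapped entity (mapping not shown); e-mail stays mutable here. */
class Account {
    private String username, passwordHash, email;
    public String getUsername() { return username; }
    public String getPasswordHash() { return passwordHash; }
    public String getEmail() { return email; }
    public void setEmail(String email) { this.email = email; }
}

public class MyHibernateUserService implements UserDetailsService {
    private final SessionFactory sessionFactory;

    public MyHibernateUserService(SessionFactory sessionFactory) {
        this.sessionFactory = sessionFactory;
    }

    @Override
    @Transactional(readOnly = true)
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Bound parameter: the submitted login name never becomes part of the HQL text.
        Account account = (Account) sessionFactory.getCurrentSession()
                .createQuery("from Account a where a.username = :name")
                .setParameter("name", username)
                .uniqueResult();
        if (account == null) {
            throw new UsernameNotFoundException("Unknown user");
        }
        // Immutable snapshot of the stored hash; the provider compares it via the encoder.
        return new User(account.getUsername(), account.getPasswordHash(),
                Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
    }

    /** Wires the service and the custom encoder from the post into the provider. */
    public static DaoAuthenticationProvider provider(UserDetailsService users, PasswordEncoder encoder) {
        DaoAuthenticationProvider p = new DaoAuthenticationProvider();
        p.setUserDetailsService(users);
        p.setPasswordEncoder(encoder);
        return p;
    }
}
```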