Feb 4th, 2010, 03:03 PM
Authenticate with authorities/roles
I have a new project where the user must authenticate with three parameters, the usual username and password, plus an authority/role... For example: A user named John Smith has the role of administrator (ROLE_ADMIN) and when he tries to authenticate he must enter his username, his password, and choose from a drop-down thingy his authority... If any of these parameters is invalid, the authentication should fail, so if he chooses a role he doesn't have, he shouldn't be able to login...
The question comes up, because in theory I know what to do, but in practice I'm a little confused. So this is my plan:
1. Create a custom UserDetailsService implementation and override the loadUserByUsername method.
2. Create a custom authentication manager and override the authenticate method.
3. Config the two classes in my Spring configuration .xml files.
I want to know if those steps are correct, or if I need to extend the User class too, or if there is anything else I might be missing... If possible, an example would be ace but any kind of help is highly appreciated... Thanks in advance!
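One way to enforce the third login parameter on the server, as an added example that is not part of the original post: a login filter carries the selected role in the token's details, and a provider rejects the login unless that role is among the authorities loaded by the UserDetailsService. The class names and the `role` form parameter are hypothetical, and the imports assume Spring Security 3.x-5.x package names with the `javax.servlet` API.

```java
// Added example; class names and the "role" form parameter are hypothetical.
// Assumes Spring Security 3.x-5.x package names and the javax.servlet API.
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/** Copies the role chosen in the login form into the token's details. */
class RoleAwareLoginFilter extends UsernamePasswordAuthenticationFilter {
    @Override
    protected void setDetails(HttpServletRequest request,
                              UsernamePasswordAuthenticationToken authRequest) {
        // Client-supplied and untrusted: the provider below validates it.
        // This replaces the default WebAuthenticationDetails object.
        authRequest.setDetails(request.getParameter("role"));
    }
}

/** Password check from DaoAuthenticationProvider plus the selected-role check. */
class RoleCheckingAuthenticationProvider extends DaoAuthenticationProvider {
    @Override
    protected void additionalAuthenticationChecks(UserDetails user,
            UsernamePasswordAuthenticationToken auth) throws AuthenticationException {
        // Verify the password first, exactly as the parent class does.
        super.additionalAuthenticationChecks(user, auth);
        Object selected = auth.getDetails();
        if (selected instanceof String) {
            for (GrantedAuthority granted : user.getAuthorities()) {
                if (granted.getAuthority().equals(selected)) {
                    return; // the user really holds the role they picked
                }
            }
        }
        // Same message as a wrong password, so the response does not
        // reveal which roles an account holds.
        throw new BadCredentialsException("Bad credentials");
    }
}
```

With this arrangement an unmodified UserDetailsService is enough as long as it loads the user's authorities; the provider is given that service and the filter replaces the default form-login filter in the Spring configuration.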