Junior Member
Spring Security- DB authentication
Hi,
I am going thru Spring Security examples and not finding concrete example for database based authentication. If we go with our existing user profile table, i know we have to add the new query in jdbc tag. But what is the purpose of UserDetailService class. Do we have to implements it?? Not finding any end to end example for this.
Any help would be nice.
Thanks
Senior Member
Spring Team
Refer to the contacts sample application to see database authentication in action. A summary of the configuration is below:
Code:<authentication-manager> <authentication-provider> <jdbc-user-service data-source-ref="dataSource" authorities-by-username-query="select username,authority from authorities where username = ?" users-by-username-query="select username,password,enabled from users where username = ?"/> </authentication-provider> </authentication-manager>
Last edited by Rob Winch; Dec 20th, 2010 at 11:00 AM. Reason: improve readability
Junior Member
I dont see the below snippet you have in contacts sample sources or war file 3.0.3 release.
My question is how does UserDetaiLService comes in play. Do I have to write some code after implementing it or is it automatically take care. We are not using spring security login page. We have user login from cgi screen. Than when they click on A- it will take them to java page. Where if user has Admin access they can view everything, else on few things.
So we are using spring security jsp tag to do that. I have username and password from cgi side. So I need to call spring security tables with this user name and password, get the authority and use jsp tag to display or not.
How can I do that. I am not finding much on this.
Thanks
Senior Member
Spring Team
You won't find the exact snippet as it uses the default values for the two queries I explicitly posted (in hopes of helping you). You can find the sample in samples/contacts/src/main/resources/applicationContext-security.xmlOriginally Posted by sam101
The xml configuration will use an existing classes (JdbcDaoImpl, DaoAuthenticationProvider, ProviderManager) to perform authentication. This means if you can find a username,password,enabled given a username with an sql statement and you can find the roles for the user given an sql statement you shouldn't need to write any code. If you need additional attributes you will need to implement the UserDetailsService yourself.
I'm not sure what you mean by cgi as it has a few meanings. I assume you mean Computer Generated Interface (i.e. a rich client) and not Common Gateway Interface. Can you elaborate on this?
What do you mean by java page? Is this a jsp?
Junior Member
CGI- Its a Perl app. So we login from their. Than call another java app. So we need to save that perl user name and password pass it in java app via url parameters. Than in java use request to get them Than pass in spring security tables to get authority.
Where do I pass this variable values and how? Do I need to have custom userdetailservice for this??
I hope you are getting my problem..
Thanks
Senior Member
Spring Team
I think your last response has made what you are doing a little more clear. It appears you are wanting to authenticate to a java service using a username/password passed into a perl application.
This is up to you. A common approach would be to use basic authentication over https.
My previous response still applies...
Posting Permissions
Reply With Quote