techPackets

Reputation: 4516

Logging in with either profile name or email in Spring Security

I have a user bean with fields like userName, profileName, email etc.

I am implementing Spring Security in my application. In the login form I want the user to enter either profileName or email, and he should be able to log in with both. But it seems like the configuration only works for userName. I am fetching the user details from the database using Hibernate. Below is my code.

FormLogin.jsp

<form name='f' action="<c:url value='j_spring_security_check' />"
        method='POST'>

        <table>
            <tr>
                <td>Email/ProfileName</td>
                <td><input type='text' name='j_username' value=''>
                </td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type='password' name='j_password' />
                </td>
            </tr>
            <tr>
                <td colspan='2'><input name="submit" type="submit"
                    value="submit" />
                </td>
            </tr>
            <tr>
                <td colspan='2'><input name="reset" type="reset" />
                </td>
            </tr>
        </table>

    </form> 

loadByUserName method in CustomUserDetailsService class

public UserDetails loadUserByUsername(String name)throws UsernameNotFoundException, DataAccessException 
    {

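        // getUser returns get(0) of the user list obtained from the db, or null when nothing matches
        User domainUser = userDAO.getUser(name);
        if (domainUser == null) {
            // UserDetailsService contract: report an unknown user instead of hitting a NullPointerException below
            throw new UsernameNotFoundException("User not found");
        }
        logger.info("User fetched from database in loadUserByUsername method " + domainUser);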

        Set<Roles> roles = domainUser.getRole();
        logger.info("roles of the user"+ roles);


        Set<GrantedAuthority> authorities = new HashSet<>();
        for(Roles role:roles) {
            authorities.add(new SimpleGrantedAuthority(role.getRole()));
            logger.info("role" +role+" role.getRole()"+(role.getRole()));
        }

        return new org.springframework.security.core.userdetails.User(
                domainUser.getName(),
                domainUser.getPassword(),
                domainUser.isEnabled(),
                domainUser.isAccountNonExpired(),
                domainUser.isCredentialsNonExpired(),
                domainUser.isAccountNonLocked(),
                authorities);
}

Query from the db

@SuppressWarnings("unchecked")
    public User getUser(String name){

        List<User> userList = new ArrayList<User>(); 
        Query query = sessionFactory.getCurrentSession().createQuery("from User u where u.name = :name");
        query.setParameter("name", name);
        userList = query.list();  
        if (userList.size() > 0)  
            return userList.get(0);  
        else  
            return null; 
    }

Can anyone help in fixing this?

spring-security.xml

<http auto-config="true">
        <intercept-url pattern="/forms/welcome*" access="ROLE_ADMIN" />
        <!-- Below config will display the custom form for authentication -->
        <form-login login-page="/forms/login" default-target-url="/forms/welcome"
            authentication-failure-url="/forms/loginfailed" />
        <logout logout-success-url="/forms/logout" />
    <!--    <http-basic /> -->
    </http> 


    <authentication-manager>
        <authentication-provider user-service-ref="myUserDetailService">
          </authentication-provider>
    </authentication-manager>

Upvotes: 3

Views: 2209

Answers (1)

user3151168

You don't post your security configuration. I assume that you have set up a standard configuration with DaoAuthenticationProvider in place and you are already able to log in with username.

In this particular case I see only one modification to allow login with either username or email. Add an or predicate to your Hibernate query that queries for user by email too. I assume that your entity has a property email.

"from User u where u.name = :name or u.email = :name"

Upvotes: 3
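An added example (not from the question or the answer): with the `or` predicate, one input can match two rows when a profile name equals another user's email, and `userList.get(0)` would then pick one of them arbitrarily. The code below applies the same predicate to a constructed in-memory list and rejects ambiguous matches; `Account`, `resolve` and the sample data are hypothetical stand-ins for the `User` entity and `getUser`.

```java
import java.util.List;
import java.util.Optional;

public class LoginIdentifierLookup {

    // Hypothetical stand-in for the question's User entity; only the login fields matter.
    record Account(long id, String name, String email) {}

    // Same predicate as "from User u where u.name = :name or u.email = :name",
    // applied to an in-memory list, but it never picks a row when several match.
    static Optional<Account> resolve(String identifier, List<Account> accounts) {
        if (identifier == null || identifier.isBlank()) {
            return Optional.empty();
        }
        String key = identifier.trim();
        List<Account> matches = accounts.stream()
                .filter(a -> a.name().equals(key) || a.email().equals(key))
                .toList();
        if (matches.size() > 1) {
            // Two accounts claim this identifier: fail the login rather than guess.
            throw new IllegalStateException("ambiguous login identifier");
        }
        return matches.stream().findFirst();
    }

    public static void main(String[] args) {
        // Constructed sample data: account 3 uses account 2's email as its profile name.
        List<Account> accounts = List.of(
                new Account(1, "alice", "alice@example.com"),
                new Account(2, "bob", "bob@example.com"),
                new Account(3, "bob@example.com", "carol@example.com"));

        System.out.println(resolve("alice", accounts));             // lookup by profile name
        System.out.println(resolve("alice@example.com", accounts)); // lookup by email
        System.out.println(resolve("nobody", accounts));            // no such user
        try {
            resolve("bob@example.com", accounts);                   // matches accounts 2 and 3
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In the question's DAO the equivalent change is to check `userList.size()` before calling `get(0)`; rejecting profile names that look like email addresses at registration removes the collision at its source.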
