Reputation: 1187
Spring security with different type of sessions
I'm using spring security 3.1.4 and I have the following problem. In one web app I have 2 types of users with different custom "UserDetails" instance. How do I differentiate between the users in the implementation of UserDetailsService.loadUserByUsername. Can I have 2 UserDetailsServiceImpl and know when to use each one?
Upvotes: 0
Views: 88
Answers (1)
Reputation: 121560
Well, I suggest you to implement composite UserDetailsService and perform loadUserByUsername to both DB one by one. And it is logical, that the first UserDetailsServiceImpl to use should be for regular user, as soon as it is tipical, that the count of admin user is definitely less.
However by design it looks bad. It would be better to have separate hidden application for admins and get rid of a little vulnerability when simple user might guess an admin account.
Upvotes: 1
Related Questions
- Spring Security 2 types of login
- How to manage session with spring security based on request type?
- Session management using spring security
- Spring session creation policy per-request?
- Spring MVC security based on Session Attribute
- Spring Session and Spring Security
- Session Management using Spring Security: Concurrent sessions
- Spring 4 - Session Management
- Spring security creation of new session
- Session Management in Spring Security