Master Mind
Reputation: 3084
Spring security : User class without UserRole (roles). Authentication only no authorization needed
I'm using Spring-security with Spring-boot. My Application is a POC, for the moment there is no need to have Role.
I was wondering if it is possible to have a Custom UserDetailsService which return UserDetails in loadUserByUsername method but without the GrantedAuthority nor UserRole class.
I have googled all the day long for an example but I always get them with the UserRole.
Thanks in advance
Upvotes: 4
Views: 6988
Answers (1)
Sanjay
Reputation: 8965
This should work:
Let UserDetails return an empty collection in
getAuthorities():public class User implements UserDetails { ... @Override public Collection<? extends GrantedAuthority> getAuthorities() { return new HashSet<GrantedAuthority>(); } }Use just
authenticated()while configuring securityhttp.authorizeRequests() ... .antMatchers("/foo").authenticated() ...
Upvotes: 7
Related Questions
- User must be authenticated with Spring Security before authorization can be completed
- Spring Security/Spring Boot - How to set ROLES for users
- Authenticate user with Spring Security
- Spring security: log in using roles from database
- Spring Security Java configuration for authenticated users with a role
- Spring security authorization without authentication using role only
- Spring Security Authenticated User only
- Spring security works with access="ROLE_USER" but not with EL
- Defining Spring Security user roles
- Spring Security: User Authorization in Java Class