cbmeeks

Reputation: 11420

How can I point Spring MVC to our database for security?

I'm new to Spring. I just recently got an example working with annotations and basic security. Right now, we have to define our users in the security-app-context.xml file. What we want to do is connect to our existing database and use the users there.

Our user passwords are stored as such (MD5):

username    salt    password
moe         blah    bb3e4e328a64e9745a98728468aacbb0

The user is moe and the password is howard so we use: md5(moehowardblah) or md5(Username + Password + Salt)

Here is our web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <!--
      - Location of the XML file that defines the root application context
      - Applied by ContextLoaderListener.
     -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/applicationContext-business.xml
            /WEB-INF/security-app-context.xml
        </param-value>
    </context-param>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>


    <!-- Processes application requests -->
    <servlet>
        <servlet-name>dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/dispatcher-context.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>        

    <servlet-mapping>
        <servlet-name>dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

</web-app>

Our security-app-context.xml:

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans 
                    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                    http://www.springframework.org/schema/security 
                    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http use-expressions="true">
        <intercept-url pattern="/assets/**" access="isAuthenticated()" />
        <intercept-url pattern="/**" access="permitAll" />
        <form-login />
        <logout />
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="rod" password="koala" authorities="supervisor, teller, user" />
                <user name="dianne" password="emu" authorities="teller, user" />
                <user name="scott" password="wombat" authorities="user" />
                <user name="peter" password="opal" authorities="user" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>   

Also, the example I have is using the built-in form for the user/pass which is fine for now but I will need to know how to use our own custom login. But I can save that for another question.

Thanks.

Upvotes: 0

Views: 483

Answers (1)

vacuum

Reputation: 2273

All you need is to create your own userDetailsService implementation. As you already have an existing database, I assume you have some kind of service or DAO which takes data from the DB. Extend this service from the UserDetailsService interface and override the only method:

 UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;

This is assuming that your User object also implements the UserDetails interface.

After this you only need to point Spring to use your service:

<authentication-manager>
    <authentication-provider user-service-ref="yourUserService" />
</authentication-manager>

Where "yourUserService" is a reference to your userDetailsService implementation bean.

Upvotes: 1
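An added example, not part of the answer above or of Spring Security itself: a UserDetailsService for the question's username/salt/password columns, together with the salt source and password encoder needed to check md5(Username + Password + Salt) against the Spring Security 3.1 APIs named in the question's schema. The class names, the `users` table name and the single `ROLE_USER` authority are assumptions.

```java
import java.math.BigInteger;
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.*;
import java.util.*;
import javax.sql.DataSource;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.authentication.dao.SaltSource;
import org.springframework.security.authentication.encoding.PasswordEncoder;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.*;
/** Added example. Class names, the "users" table and ROLE_USER are assumptions. */
public class LegacyAuth {
    public static class LegacyUser extends User {
        final String salt; // salt column, kept beside the stored MD5 hex digest
        LegacyUser(String name, String md5Hex, String salt) {
            super(name, md5Hex, Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
            this.salt = salt;
        }
    }
    /** Bean for user-service-ref: one parameterized lookup per login attempt. */
    public static class UserService implements UserDetailsService {
        private final JdbcTemplate jdbc;
        public UserService(DataSource ds) { jdbc = new JdbcTemplate(ds); }
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            List<Map<String, Object>> rows = jdbc.queryForList(
                "SELECT username, salt, password FROM users WHERE username = ?", username);
            if (rows.isEmpty()) throw new UsernameNotFoundException("unknown user");
            Map<String, Object> r = rows.get(0);
            return new LegacyUser((String) r.get("username"), (String) r.get("password"), (String) r.get("salt"));
        }
    }
    /** Passes {username, salt} to the encoder, since the digest covers both. */
    public static class Salt implements SaltSource {
        public Object getSalt(UserDetails u) { return new String[] { u.getUsername(), ((LegacyUser) u).salt }; }
    }
    /** md5(Username + Password + Salt) as lowercase hex; a null salt (provider's not-found check) is tolerated. */
    public static class Md5Encoder implements PasswordEncoder {
        public String encodePassword(String raw, Object salt) {
            String[] s = salt == null ? new String[] { "", "" } : (String[]) salt;
            try {
                byte[] d = MessageDigest.getInstance("MD5").digest((s[0] + raw + s[1]).getBytes(UTF_8));
                return String.format("%032x", new BigInteger(1, d));
            } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
        }
        public boolean isPasswordValid(String stored, String raw, Object salt) {
            // MessageDigest.isEqual avoids an early-exit string comparison of the two digests.
            return MessageDigest.isEqual(stored.toLowerCase(Locale.ROOT).getBytes(UTF_8), encodePassword(raw, salt).getBytes(UTF_8));
        }
    }
}
```

To wire it, declare the three nested classes as beans and nest `<password-encoder ref="..."><salt-source ref="..."/></password-encoder>` inside the `<authentication-provider user-service-ref="...">` element. MD5 is a fast hash, so this encoder is best used only to verify existing rows while passwords are re-hashed with a slow algorithm such as bcrypt on the next successful login.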
