
Get more information from User - Spring Security

I have implemented Spring Security in my application. I have used the default implementation, i.e., I have configured it with my own parameters (DataSource, Secured Areas, etc.), but I haven't written any custom implementation.

Now I want to capture more data from the user, that is on the same table as username and password, like company name, id, etc. However, I don't want to use this information in order to login.

I'm not sure how to do it. From what I've read, it's related to UserDetailsService. However, it seems that writing a custom UserDetailsService would be necessary if I wanted to use this information during the login, and that's not what I want. I just want to use this information inside the application, after the user has logged in.

Is it really related to UserDetailsService? Is this the only file I have to modify?

All the examples I found of custom UserDetailsService just used username and password, so I can't understand where new data would come in.

Thanks!

João Daniel asked Dec 16 '11 13:12


1 Answer

Overriding the UserDetailsService is what we did. You'll need to implement your own UserDetailsService and your own UserDetails object:

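// CustomService.java
import java.util.ArrayList;
import java.util.Collection;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.transaction.annotation.Transactional;

public class CustomService implements UserDetailsService {

    // Application DAOs, injected by the container; the type names are assumed,
    // the answer only shows the field names.
    private AccountDAO accountDAO;
    private CompanyDAO companyDAO;

    @Override
    @Transactional(readOnly = true)
    public UserDetails loadUserByUsername(String username) {

        Account account = accountDAO.findAccountByName(username);

        if (account == null) {
            throw new UsernameNotFoundException("account name not found");
        }
        return buildUserFromAccount(account);
    }

    // Runs inside the transaction opened by loadUserByUsername;
    // @Transactional has no effect on a private method.
    private User buildUserFromAccount(Account account) {

        String username = account.getUsername();
        String password = account.getPassword();
        boolean enabled = account.getEnabled();
        boolean accountNonExpired = account.getAccountNonExpired();
        boolean credentialsNonExpired = account.getCredentialsNonExpired();
        boolean accountNonLocked = account.getAccountNonLocked();

        // additional information goes here
        String companyName = companyDAO.getCompanyName(account);

        Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (Role role : account.getRoles()) {
            authorities.add(new SimpleGrantedAuthority(role.getName()));
        }

        CustomUserDetails user = new CustomUserDetails(username, password, enabled, accountNonExpired,
                credentialsNonExpired, accountNonLocked, authorities, companyName);

        return user;
    }
}

// CustomUserDetails.java
import java.util.Collection;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;

public class CustomUserDetails extends User {

    // ...
    private String company;

    // Parameters mirror the call in buildUserFromAccount above.
    public CustomUserDetails(String username, String password, boolean enabled,
            boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked,
            Collection<? extends GrantedAuthority> authorities, String company) {
        super(username, password, enabled, accountNonExpired, credentialsNonExpired,
                accountNonLocked, authorities);
        this.company = company;
    }

    public String getCompany() { return company; }

    public void setCompany(String company) { this.company = company; }
}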
Pete answered Sep 30 '22 15:09
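
The answer puts the extra field on the principal; reading it back after login, which is what the question asks for, could look like the following. This is an added example, not code from the answer: `CurrentUser` is a hypothetical helper, the sample user is constructed, and it assumes the answer's `CustomUserDetails` and spring-security-core are on the classpath.

```java
import java.util.Collections;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

// Added example: CurrentUser is a hypothetical helper, not part of the answer.
public final class CurrentUser {

    /** Returns the logged-in user's CustomUserDetails, or null if there is none. */
    public static CustomUserDetails details() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return null; // nobody is logged in on this thread
        }
        Object principal = auth.getPrincipal();
        // Anonymous requests carry a String principal ("anonymousUser"),
        // so check the type instead of casting blindly.
        return (principal instanceof CustomUserDetails) ? (CustomUserDetails) principal : null;
    }

    /** Company name of the logged-in user, or null when nobody is logged in. */
    public static String company() {
        CustomUserDetails user = details();
        return (user != null) ? user.getCompany() : null;
    }

    // Constructed demo: simulate a completed login, then read the extra field back.
    public static void main(String[] args) {
        System.out.println("before login: " + company());

        CustomUserDetails user = new CustomUserDetails("alice", "constructed-hash", true, true, true, true,
                Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")), "Acme Corp");
        // The three-argument constructor marks the token as authenticated.
        Authentication token = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(token);
        System.out.println("after login: " + company());

        // The principal also holds the stored password until it is erased;
        // ProviderManager does this by default after a successful authentication.
        user.eraseCredentials();
        System.out.println("password erased: " + (user.getPassword() == null));
        SecurityContextHolder.clearContext();
    }
}
```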