How to list *all* users and *all* authorities in a Spring Security application

Question

Q1) Is there a way (ie a class method) in Spring Security that allows you to list all the users and roles that is in the Sprint Security user & roles tables? (I'm not looking for only logged in users; and I'm not looking for only the authorities for a given user. I'm looking for all users and all authorities.)

Q1b) If there is a way, does the user running this query need special permissions?

(I can hack this by writing my own SQL statement that queries the users and authorities table, but that seems like unecessary work, prone to mistakes, and breaks the Spring Security API.)

In case it helps, my application context setup is fairly standard:

<authentication-manager alias="myAuthenticationManager">
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="select username, password, enabled from users where users.username=?"
            authorities-by-username-query="select users.username,authority from users,authorities where users.username=authorities.username and users.username=?" />
    </authentication-provider>
</authentication-manager>

and

<beans:bean id="dataSource"
    class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <beans:property name="driverClassName">
        <beans:value>com.mysql.jdbc.Driver</beans:value>
    </beans:property>
    <beans:property name="url">
        <beans:value>jdbc:mysql://XXXXX:XXXX/XXXXX</beans:value>
    </beans:property>
    <beans:property name="username">
        <beans:value>XXXXX</beans:value>
    </beans:property>
    <beans:property name="password">
        <beans:value>XXXXXX</beans:value>
    </beans:property>
</beans:bean>

Answer 1

Spring Security implementation solve very specific task and in most cases this task needs only one user. So many of Spring Security queries contain user filter "where username = ?". You could easily check all available queries by downloading sources and searching for string ["select ].

So, you should write your own queries (JDBC or Hibernate) in your DAO-layer for your tasks.

Answer 2

No - looking at the API for JdbcUserDetailsManager which you are using there are no methods to list all users or list all authorities. You'll need to write custom code to do it.