How to log in by email instead of username in Spring security

Question

I use Spring security. Is there a way to log in using email instead of a username in Spring security?

Answer 1

You need an "email" parameter in your login form

<input type="email" name="email">

Then let your custom WebSecurityConfigurerAdapter know that "email" is a principal parameter now

protected void configure(HttpSecurity http) throws Exception {
         http
            .formLogin()
            .loginPage("/login")
            .usernameParameter("email")
            .permitAll()
        .and()
            .logout()
            .permitAll();
}

Finally, override loadUserByUsername() in your UserDetailsService implementation

@Override
public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
    User user = userRepo.findByEmail(email);

    if (user == null) {
        throw new UsernameNotFoundException("Not found!");
    }

    return user;
}

Answer 2

The simplest way is just regard email as username.

For many cases, email contains your username. For example: [email protected]. In this email, abc is your username.

So you just need to let the user input email directly.

The only thing you need to update is change your query SQL similar as below:

Change (query by username):

SELECT username,password FROM users WHERE username=#{username}

to (query by email)

SELECT email AS username,password FROM users WHERE email=#{username}