Read/add user credentials from file in Spring Security

Question

Is it possible to store and modify user credentials in a file for Spring Security?

For now I have security.xml:

<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd">
<http>
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login />
    <logout />
</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
            <user name="user" password="user" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</authentication-manager>

And all I want is to store information in a file like users.txt or users.xml with possibility to add or modify user/password on the fly.

Answer 1

You need to override UserDetailsService for that

UserDao.java

import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/**
 * @author asif.hossain
 * @since 3/9/17.
 */
public class UserDao implements UserDetailsService {
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        String password = readPasswordFromFileOrDatabase(username);

        if (password == null) throw new UsernameNotFoundException("");

        return User
                .withUsername(username)
                .password(password)
                .authorities("ROLE_USER")
                .build();
    }

    private String readPasswordFromFileOrDatabase(String username) {
        // Edit this code and read password and roles from data base or files 
        if (username.equals("user")) return "password";
        return null;
    }
}

And add a bean of this class in security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd">
<http>
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login />
    <logout />
</http>

<bean id="userDao" class="UserDao"></bean>

<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="userDao"></authentication-provider>
</authentication-manager>