I am currently developing a multi user Spring Boot application with JPA/Hibernate and an Angular 2 frontend. I envision two basic types of users: Vendors and customers.
Before starting to code I crafted a UML class diagram with the class User
and two subclasses Customer
and Vendor
. The reason for the subclasses is that they have different attributes: e.g. a vendor should be able to write a general description about himself whereas a customer should be able to save favorites.
The following picture is an excerpt of my class diagram:
As it's my first app with Login/Registration feature I started reading tutorials about how to implement a Login and Registration feature with Spring Security. Over time, I had to realize that basically all the samples contain only one User
class, whose privileges are determined upon his Role
s, which is typically a recommended/needed class to achieve the above mentioned functionality.
It appears to me that the User
class is not meant to have subclasses, but naturally the tutorials and samples mostly cover the basic setup and not the representation of a complex business model with completely different users.
My question is the following: is it feasible and advisable to create subclasses of the User
class which I want to use for the authorization with a custom UserDetailsService
class? If not, do you recommend merging the attributes from the Customer
and Vendor
class into the User
class and consequently determine upon the User
's roles if he should be able to have a certain attribute and otherwise it will just be null?
Thanks a lot in advance!
Spring security work with UserDetailsService
interface for authentication and authorize features. You should implement loadUserByUsername
function for load User
from database or in memory or any where.
Spring security work with UserDetails
interface as model. Therefore your User
entity need to implement UserDetails
interface that spring security can work with that.
Now, you have User
entity that can inherited like other entities and you can annotate it with @Inheritance
like below:
@Entity
@Inheritance(strategy = InheritanceType.JOINED)
public class User implements UserDetails {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private int id;
@Length(min=5)
private String password;
private String username;
@Email
private String email;
private String phoneNumber;
private boolean enabled;
private boolean verified;
@ManyToMany(cascade = CascadeType.ALL,fetch = FetchType.EAGER)
private Set<Authority> roles= new HashSet<>();
//...
}
@Entity
public class Vendor extends User{
private String name;
private String description;
private Date openingTime;
private Date closingTime;
@ManyToOne
private List<File> images;
//...
}
@Entity
public class Customer extends User{
private String forename;
private String surname;
@ManyToOne
private List<PaymentDetails> paymentDetailsList;
//...
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With