I wish spring security would work on their documentation and tell people how easy it is to implement a custom service for loading user details. You don’t HAVE to use JDBC to do that, you can write your very own hibernate, toplink or whatever DAO to do just that. It’s important to realise that spring-security does not send your password to the database ever. Instead it loads a user’s details and then compares it’s password internally before validating the user and granting it access to internal pages.
In my case I did not want to maintain a list of authorities because there were ever only going to be two kinds of user’s, admins and non-admins. Administrator access was to be determined by a boolean field in the table. So I needed to override the queries that the default UserDetailsService implementation, JdbcDaoImpl uses and also set an extra role for user’s who were admins. It sounds simple and it actually is simple only if you don’t dive into the documentation.
The table structure and some data (in postgresql) :
01 | CREATE TABLE test.users |
02 | ( |
03 | id integer NOT NULL, |
04 | name character varying(100) NOT NULL, |
05 | email character varying(100) NOT NULL, |
06 | "admin" boolean DEFAULT false, |
07 | "password" character varying(20) |
08 | ) |
09 | WITH |
扫一扫
4552
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
