Spring Security Custom User Detail Service: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 8: Line 8:


Combining application authentication and authorization with domain model user information largely consists in the following steps:
Combining application authentication and authorization with domain model user information largely consists in the following steps:
* Declare a User entity that should implement the Spring [https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/core/userdetails/UserDetails.html UserDetails] interface. Implementation of UserDetails provides essential user information to the framework, in a standard fashion (whether the account is enabled or not, authorities, etc.). Implementing UserInterface on a generic user domain model entity is the programmatic way of modifying the generic user entity to make it useful for authentication.
* Declare a User entity that should implement the Spring [https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/core/userdetails/UserDetails.html UserDetails] interface. Implementation of UserDetails provides essential user information to the framework, in a standard fashion (whether the account is enabled or not, [[Spring_Security_Concepts#Authority|authorities]], etc.). Implementing UserInterface on a generic user domain model entity is the programmatic way of modifying the generic user entity to make it useful for authentication.


=Playground Example=
=Playground Example=


{{External|[https://github.com/ovidiuf/playground/tree/master/spring/spring-in-action/cap4-security-user-detail-service Playground - Spring Security - User Detail Service]}}
{{External|[https://github.com/ovidiuf/playground/tree/master/spring/spring-in-action/cap4-security-user-detail-service Playground - Spring Security - User Detail Service]}}

Revision as of 20:15, 10 November 2018

Internal

Overview

This approach is useful for the situation in which the user information should be part of the application's domain model.

Combining application authentication and authorization with domain model user information largely consists in the following steps:

  • Declare a User entity that should implement the Spring UserDetails interface. Implementation of UserDetails provides essential user information to the framework, in a standard fashion (whether the account is enabled or not, authorities, etc.). Implementing UserInterface on a generic user domain model entity is the programmatic way of modifying the generic user entity to make it useful for authentication.

Playground Example

Playground - Spring Security - User Detail Service