Comments on: Writing custom UserDetailsService for spring security

By: TUKsubaru

TUKsubaru — Mon, 19 Jul 2010 08:10:57 +0000

Thank very much…
Code is works.

By: Mr. Kudos

Mr. Kudos — Wed, 23 Jun 2010 02:56:11 +0000

Kudos for the simplicity and objetctiviy. Saved me a lot of time.

By: Screamy

Screamy — Tue, 15 Jun 2010 18:37:50 +0000

Concise, to-the-point and _exactly_ what I was looking for. Thanks!

By: Daniel

Daniel — Mon, 14 Sep 2009 15:56:44 +0000

Thanks for the tutorial, I’m new to Spring Security and it really helped me out!

I want to return my own user Object (with extra parameters ), so I created a custom UserDetailsService and extended org.springframework.security.userdetails.User.

However in my client side application (on successful login) an Object with two parameters is returned:
– authorites
– name (which is the username)

Below is a snippet of my custom UserDetailsService:

public MyUser loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {

String sql = “select * from user where emailAddress like :username”;
MapSqlParameterSource source = new MapSqlParameterSource();
source.addValue(”username”, username);

SimpleJdbcTemplate sjt = new SimpleJdbcTemplate(getDataSource());
MyUser user = sjt.queryForObject(sql, RowMapperUtil.getUserRowMapper(), source);
return user;
}

I’m a bit lost here! I am returning an Object of type MyUser and mapping all the fields correctly, so I am not sure where I am going wrong.

Your help is greatly appreciated,
Daniel

By: Sajitha

Sajitha — Mon, 15 Jun 2009 06:35:01 +0000

Hi,

This was a very useful article
I have a requirement, which is the user account has to be locked after 5 consecutive failed attempts. How can this be acheived. I have to store the details like “First Failed Try Time” and “Locked Flag” in the database.
So basically, I have to customize something after the passwords mismatch. Iam not sure how this is done. Given that iam using Spring’s Form based authentication. Where should i write this Logic??
If any one has got any idea PLEASE..E share.

Regards,
Sajitha

By: manoj

manoj — Tue, 12 May 2009 07:50:56 +0000

Hi,
While I have been able to customize the JasperServer to use existing iBatis/Struts infrastructure and integrate authentication using existing app, there is one thorn. How can I change the login page to accept another field? Say I want user to enter Domain in addition to username and password. And use the three to authenticate and eventually show reports. I have been able to write my custom Dao that validates jasper user from my DB, but how do I get new attribute – domain to reach my Dao, so that it can be used to authenticate the user? While customizing the login page to accept additional fields is straightforward – you just need to modify login.jsp and make it your login page – making the new values reach \’some Java handler\’ is an issue.

Appreciate inputs on this.

By: Gaurav Arora

Gaurav Arora — Wed, 22 Apr 2009 10:20:24 +0000

You can get the user object itself on the next page using SecurityContextHolder.getContext().getAuthentication().getPrincipal(). But you really shouldn’t have to access the user’s ID on the jsp page. All that should be done in the controller.

By: leithold

leithold — Wed, 22 Apr 2009 10:13:24 +0000

Hey its me again. i have a question. i have a user table similar to yours. the thing is, i need to pass the id of the user to the next page when the log-in is successfull. i was wondering how to do this.

(i have a hunch that maybe it has something to do with the form-login
default-target-url but i could be dead wrong)

thanks so much.

By: leithold

leithold — Wed, 22 Apr 2009 09:12:44 +0000

wow thanks so much for this man. ill try it out. hope it works for me.

By: anton

anton — Fri, 06 Mar 2009 15:17:15 +0000

By just adding something like the following to the configuration file it works too (but I'm using an Oracle database)