2

I have JSF 2.2, Primefaces 3.5, Spring, Spring Security 3.x, Hibernate 4, MySQL web application.

I have enabled Spring Security to work as expected, but I used <user-service/> in which I created two users with different roles ("ROLE_USER", "ROLE_ADMIN"). Now I would like to search for every user in the database, and not to create them manualy in <user-service/>.

applicationContext.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">


    <!--            GLOABL SETTINGS             -->


    <context:component-scan base-package="com.infostroy.adminportal"/>
    <tx:annotation-driven transaction-manager="transactionManager" proxy-target-class="true"/>


    <!--        DATA SOURCE AND PERSISTENCE SETTINGS       -->


    <bean id="propertiesPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="locations">
            <list>
                <value>classpath:db.properties</value>
            </list>
        </property>
    </bean>

    <bean id="sessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
        <property name="dataSource" ref="dmDataSource"/>
        <property name="packagesToScan" value="com.infostroy.adminportal"/>
        <property name="hibernateProperties">
            <props>
                <prop key="hibernate.dialect">${db.dialect}</prop>
                <prop key="hibernate.show_sql">${db.show_sql}</prop>
                <prop key="hibernate.hbm2ddl.auto">${db.hbm2ddl_auto}</prop>
                <prop key="connection.pool_size">${db.pool_size}</prop>
                <prop key="current_session_context_class">${db.current_session_context_class}</prop>
                <prop key="org.hibernate.FlushMode">${db.flush_mode}</prop>
            </props>
        </property>
    </bean>


    <bean id="transactionManager"
          class="org.springframework.orm.hibernate4.HibernateTransactionManager">
        <property name="dataSource" ref="dmDataSource" />
        <property name="sessionFactory" ref="sessionFactory" />
    </bean>


    <bean id="dmDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
        <property name="driverClassName" value="${db.driver}" />
        <property name="url" value="${db.url}" />
        <property name="username" value="${db.username}" />
        <property name="password" value="${db.password}" />
        <property name="maxWait" value="5000" />
        <property name="initialSize" value="2" />
        <property name="maxActive" value="100"/>
        <property name="maxIdle" value="50"/>
        <property name="minIdle" value="0"/>
    </bean>

</beans>

spring-security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xsi:schemaLocation="
http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.1.xsd">



    <http auto-config="false" use-expressions="true">
        <intercept-url pattern="/protected/*" access="isAuthenticated()"/>
        <form-login login-page="/login.xhtml" login-processing-url="/j_spring_security_check"
                        default-target-url="/protected/home.xhtml"
                        authentication-failure-url="/loginFailed.xhtml"/>
    </http>




    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="c" password="c" authorities="ROLE_ADMIN" />
                <user name="q" password="q" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>


</beans:beans>

Here's the script to create users table:

CREATE TABLE users (
user_id INT AUTO_INCREMENT,
first_name VARCHAR(20),
last_name VARCHAR(20),
login VARCHAR(20) NOT NULL UNIQUE,
password VARCHAR(32) NOT NULL,
role VARCHAR(20) NOT NULL,
PRIMARY KEY(user_id)
) ENGINE=InnoDB;

Does anyone know how to achieve this? Every answer is highly appreciated and responded quickly!

Thank you.

Improve this question

1 Answer 1

Reset to default
2

Just change the authentication-manager to :

        <authentication-manager>
           <authentication-provider>
            <jdbc-user-service data-source-ref="dmDataSource"

               users-by-username-query="
                  select login as username,password, 1 as enabled 
                  from users where login=?" 

               authorities-by-username-query="
                  select login as username, role as authority from users 
                  where login =?  " 

            />
           </authentication-provider>
        </authentication-manager>

I assume the login field is the username. I hardcoded the enable flag, it's rquired. If you add deleteflag or enabled flag in the future you can replace it.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.