5

I'm trying to make an application using spring 3.0. Now I've decided to try my hand at spring-security and hibernate. I've already seen that it's possible to back it with a databasem and I've seen a reference to defining your own queries?

Now the problem I have is that the tutorials I've been finding aren't too clear and that they assume that a user can only have one role. I want to give some users multiple roles.

So I was thinking about a database scheme along the lines of:

User:

  • user_id
  • username
  • password
  • registrationDate

User_Role:

  • user_id
  • role_id

Role:

  • role_id
  • rolename

Now I was wondering if anyone had some pointers to some usefull tutorials/advice/comments.

Improve this question

2 Answers 2

Reset to default
8

You need to implement your own UserDetails (supports multiple roles for each user). This custom UserDetails implementation is then returned by your own UserDetailsService implementation that's injected on your daoAuthenticationProvider.

See also my answer @ Spring Security 3 database authentication with Hibernate for a complete example.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I understood the authentication part from database. But how do we assign the roles from the database? Can you answer my question: stackoverflow.com/questions/6893061/…
0

Something like this:

public class CustomUserService implements UserDetailsService {

   private UserDao userDao;

   public CustomUserService(UserDao u) {
      userDao = u;
   }

   public UserDetails loadUserByUsername(String username) {
      CustomUser user = userDao.getUser(username);
      if (user == null)
         throw new UserNotFoundException("User "+username+" does not exist");
      return user;
   }
}

And your UserDao implementation is a simple DAO that can easily use hibernate annotations and assign multple roles to your CustomUser object. Pretty basic.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.