Random Thoughts Of A Middle-Aged Software Engineer
Spring Security Database Schema – Whitepaper and ExamplesSince I’ve gotten a lot of requests for the white paper and examples for Spring Security, I’m posting them here so that anyone who is interested can download them, rather than my sending them out one request at a time:
Thanks go out to my employer, Chariot Solutions, for whom these were written, for allowing me to post them here.
Java (34)
My name is Rich Freedman.
I live in historic Lambertville, NJ, USA, and I’m a software architect in the Philadelphia, PA area, working for Chariot Solutions, a Java / RoR / Mobile Consulting Company.
I've been developing software professionally for over 20 years, initially in C and C++, and have been specializing in Java development since the early days of version 1.2, and web development for about as long as the web has been in existence (remember archie, veronica, and gopher?).
I'm also an avid GNU/Linux user, and have been using Ubuntu as my sole development environment for several years.
The majority of the content here is likely to be about software (mostly Java) and Linux but I like to cook, so you’ll also find the occasional recipe here as well.
8 Responses to “Spring Security Database Schema – Whitepaper and Examples”
By nyuby on May 26, 2009 | Reply
Thanks, one week i looking for something like this, it’s realy learn me, ..
By nyuby on May 26, 2009 | Reply
Hii, could i request some question, i have try to run your sample code and success, but i can’t still understand, how can authenticationManager inspect and load the username and password form database ? I don’t see anything about some query declaration there, Could you give me a explanation, i’m sory,, i’m very newbie in this context, and your sample code is very eazy for beginner, thanks a lot..
By richfreedman on Jun 6, 2009 | Reply
nyuby – my example was not meant to be a comprehensive tutorial on spring security, rather it was meant to show how you can use spring security to implement true role-based security, rather than the default approach.
Generally, you don’t “load the username and password” yourself, you let the AuthenticationManger do it for you, as in this example – it’s configured in the Spring configuration.
If you want to add additional info to the user, you have to implement AuthenticationManager.
If all you want is to be able to get the user’s name, you can use
Authentication auth = SecurityContextHolder.getContext().getAuthentication();and then work from there – see the javadocs.
If you just want to display the user’s name in a JSP, you can use
<security:authentication property="principal.username" />By nyuby on Jun 21, 2009 | Reply
Thanks, very help full for me…
By Kamal Govindraj on Mar 2, 2010 | Reply
Thank you for sharing this. It is really useful.
By Cesar on Mar 19, 2010 | Reply
hi
Thanks to this tutorial, I implemented this solution in my system ;)
I found a little “problem”, if one group has no permissions associated, the user in this group cannot login. You also have this problem ?
By richfreedman on Mar 19, 2010 | Reply
I’ve never run into a scenario where it makes sense for someone to have no permissions, yet be able to log in. What’s the point?