SPRING in ACTION 4th Note-Chapter Nineth securing how Web applications-008-validates a user when using a non-relational database (custom userservice)

One

1. Defining the interface

Suppose. Need to authenticate against users in a non-relational database such
As Mongo or neo4j. In this case, you'll need to implement a custom implementation
of the Userdetailsservice interface.

1  Public Interface Userdetailsservice {2     throws usernamenotfoundexception; 3 }

2. Implementing the interface

All your need to do are implement the Loaduserbyusername () method to find a user
Given the user ' s username. Loaduserbyusername () then returns a Userdetails object
Representing the given user. The following listing shows an implementation of
Userdetailsservice that looks up a user from a given implementation of spitter-
Repository

1  Packagespittr.security;2 Importorg.springframework.security.core.GrantedAuthority;3 Importorg.springframework.security.core.authority.4 simplegrantedauthority;5 ImportOrg.springframework.security.core.userdetails.User;6 Importorg.springframework.security.core.userdetails.UserDetails;7 Importorg.springframework.security.core.userdetails.8 Userdetailsservice;9 Importorg.springframework.security.core.userdetails.Ten usernamenotfoundexception; One Importspittr. Spitter; A Importspittr.data.SpitterRepository; -  -  Public classSpitteruserserviceImplementsUserdetailsservice { the  -     Private Finalspitterrepository spitterrepository; -  -      PublicSpitteruserservice (spitterrepository spitterrepository) { +          This. Spitterrepository =spitterrepository; -     } +  A @Override at      PublicUserdetails Loaduserbyusername (String username)throwsusernamenotfoundexception { -Spitter Spitter =Spitterrepository.findbyusername (username); -         if(Spitter! =NULL) { -List < grantedauthority > authorities =NewArrayList < grantedauthority > (); -Authorities.add (NewSimplegrantedauthority ("Role_spitter")); -             return NewUser ( in spitter.getusername (), - Spitter.getpassword (), to authorities); +         } -         Throw NewUsernamenotfoundexception ("User" + username + "' not found.")); the     } *}

What's interesting about spitteruserservice are that it have no idea how the user data
is persisted. The spitterrepository it ' s given could look up the spitter from a rela-
tional database, from a database, from a graph database, or it could just
Make it up. Spitteruserservice doesn ' t know or care about underlying data storage is
Used. It just fetches the Spitter object and uses it to create a User object. (User is a
Concrete implementation of userdetails.)

3. Configure the Service

To use Spitteruserservice to authenticate users, you can configure it in your
Security configuration with the Userdetailsservice () method:

@AutowiredSpitterRepository spitterrepository; @Override protected void Configure (Authenticationmanagerbuilder auth) throws Exception {    auth        . Userdetailsservice (new  Spitteruserservice (spitterrepository)) ;}

The Userdetailsservice () method (like Jdbcauthentication (), LdapAuthentication,
and Inmemoryauthentication ()) configures a configuration store. But instead of using
One of the Spring ' s provided user stores, it takes any implementation of Userdetailsservice.
Another option worth considering is this you could the change spitter so it
Implements Userdetailsservice. By doing this, you could return the Spitter
Directly from the Loaduserbyusername () method without copying it values into a
User object.

SPRING in ACTION 4th Note-Chapter Nineth securing how Web applications-008-validates a user when using a non-relational database (custom userservice)