If you have not generated a project yet, please generate one now! The generated project is a fully functional Spring 3 web application. It is a great help for learning Spring Security by example.
The UserDetailsServiceImpl service is the link between SpringSecurity's world and your users' credential information. As you would expect, this class must know how to access the user's login and password. The generated implementation of this service varies depending on whether or not you follow SpringFuse's conventions.
By convention, during the generation phase, SpringFuse looks for 2 special tables in your database schema, an 'Account' table and a 'Role' table. The account table is expected to store the user's login and password information, while the role table is expected to store the user's roles.
The 'Account' and the 'Role' tables do not need to be named Account and Role.
SpringFuse assumes that a table is an 'Account' table when it contains at least the following mandatory columns:
| Column name | Is mandatory? | mapped Java type |
|---|---|---|
| "login" OR "username" OR "identifiant" OR "email" OR "emailAddress" OR "mail" | Yes | String |
| "password" OR "pwd" OR "passwd" OR "mot_de_passe" OR "motdepasse" | Yes | String |
| "enabled" OR "is_enabled" OR "isenabled" | No | Boolean |
When the "enabled" column (or one of its variants) is present, it is passed to SpringSecurity along with the username and password. If it is not present, 'true' is passed instead to SpringSecurity.
SpringFuse assumes that a table is a 'Role' table when the table has a many-to-many relationship with the found 'Account' table and when the table contains the following mandatory column:
| Column name | Is mandatory? | mapped Java type |
|---|---|---|
| "authority" OR "name_locale" OR "role_name" OR "role" | Yes | String |
By default, the configuration file generated by SpringFuse expects the content of the 'authority' column (or one of its variants) to match one of these role names:
This is just a convention coming from Security's official documentation. If it does not suit your needs, you can change it manually in the files that use these role names:
If no Account table is found, SpringFuse behaves as if it had found one named "SF_MOCK_ACCOUNT" and generates a mock Account DAO implementation that returns 2 dummy users (user/user and admin/admin) instead of generating a Hibernate DAO implementation. It is up to you to replace this DAO implementation with your own implementation.
When no role table is found, the user's roles are retrieved using the generated 'AccountModel'.getRoleNames() method, but instead of relying on the many-to-many relationship with a role table, it returns hard-coded role names. Please refer to the (SfMock)AccountModel.java generated file for more details.
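To make the account and role conventions above concrete, here is an added example of a UserDetailsService that hands the login, password, "enabled" flag and role names to SpringSecurity. It is not SpringFuse's generated UserDetailsServiceImpl: the Account and AccountDao interfaces are hypothetical stand-ins for the generated model and DAO, and it assumes Spring Security 3.1 or later for SimpleGrantedAuthority.

```java
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Added example, not SpringFuse's generated UserDetailsServiceImpl.
public class ExampleUserDetailsService implements UserDetailsService {
    /** Hypothetical view of one row of the 'Account' table. */
    public interface Account {
        String getLogin();
        String getPassword();
        Boolean getEnabled();          // null when the table has no "enabled" column
        List<String> getRoleNames();   // from the 'Role' table, or hard-coded names
    }
    /** Hypothetical DAO; the generated project supplies its own. */
    public interface AccountDao {
        Account findByLogin(String login); // returns null when no account matches
    }

    private final AccountDao accountDao;

    public ExampleUserDetailsService(AccountDao accountDao) {
        this.accountDao = accountDao;
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Account account = (username == null) ? null : accountDao.findByLogin(username);
        if (account == null) {
            // Same message for every miss, so the error does not echo the submitted login.
            throw new UsernameNotFoundException("Unknown account");
        }
        // No "enabled" column: pass 'true' to SpringSecurity, as described above.
        boolean enabled = account.getEnabled() == null || account.getEnabled();

        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (String role : account.getRoleNames()) {
            authorities.add(new SimpleGrantedAuthority(role)); // e.g. ROLE_USER
        }
        // Account-expired, credentials-expired and locked checks are fixed to 'true' in this example.
        return new User(account.getLogin(), account.getPassword(), enabled, true, true, true, authorities);
    }
}
```

With this mapping, a row whose "enabled" column is false is rejected at login, while a schema without that column treats every account as enabled.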
The login form has a special 'remember me' checkbox. It is activated in spring-security-http.xml.
The /logout URL is intercepted by a SpringSecurity filter, which logs out the user. It is configured in spring-security-http.xml. Note that this logout.action URL is not a SpringMvc action.
Everything is configured in the generated project so that you can use the @RolesAllowed annotation in your code. We do not use it in the generated code except as an example in <rootpackage>/service/PasswordService.java, to indicate that the changePassword method can only be invoked by a user having the ROLE_USER role. In other words, you have to be logged in to be able to change your password using this method.