Spring Security with Spring Boot 2.0: UserDetailsService
As we have seen on a previous post the username and password for our spring application was configured through environmental variables. This is ok for prototype purposes however in real life scenarios we have to provide another way to make the users eligible to login to the application. To do so we use the UserDetailsService Interface.
The user details service comes with the loadUserByUsername function. The loadUserByUsername locates the user based on the username. The result of the search if existing then validates the credentials given through the login form with the user information retrieved through the UserDetailsService.
So let’s start with a very simple custom user details service.
@Service public class UserDetailsServiceImpl implements UserDetailsService { @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { if(username.equals("test")) { return User.withDefaultPasswordEncoder() .username("test") .password("test") .roles("test") .build(); } else { return null; } } }
As you can see the only user who is able to login is the one with the username test. Also spring provides us with a builder when it comes to user details. As a password encoder we have specified the default password encoder which is actually an encoder that does no password hashing at all since we provide the password clear-text.
Although the password encoder will be covered in another tutorial it is always good to remind that you should always hash the password stored in a database for security reasons.
Now do you need to add any extra information? Well no. Just having a bean that implements the UserDetailsService, in you spring context, is enough. Spring security will pick the UserDetailsService implementation you provided and this will be used to authenticate.
For example you can even provide the UserDetailsService by using the @Bean Configuration.
@Configuration public class SecurityConfig { @Bean public UserDetailsService createUserDetailsService() { return new UserDetailsServiceImpl(); } }
By this way regardless where your store your user information whether it is on an sql database, a nosql-database or even a csv file the only thing that you have to do is in your loadUserByUsername to load the user and pass him back by creating a UserDetails object.
Published on Java Code Geeks with permission by Emmanouil Gkatziouras, partner at our JCG program. See the original article here: Spring Security with Spring Boot 2.0: UserDetailsService Opinions expressed by Java Code Geeks contributors are their own. |