Java Reference
In-Depth Information
<bean name="daoAuthenticationProvider"
<property name="userDetailsService" ref="userDetailsService"/>
In this case I am going to use a data access object-based authentication provider:
DaoAuthenticationProvider . This provider assumes that the user's identity is stored in a
relational database. To retrieve this information, it employs a data access object. The
DAO is configured using the userDetailsService property.
The principal and credential combination fetched from the database is matched
with the one passed by the provider manager in the Authentication object. If there's a
successful match, an Authentication object with the user role list will be passed to the
provider manager. A failure results in an AuthenticationException being raised, indicating
a failed identity validation.
The DAOs used by the DaoAuthenticationProvider should implement the
UserDetailsService interface. This again is a single method interface and defines the
method loadUserByUsername . Spring Security provides two ready-made implementations
of this interface, as shown in Figure 6-6.
Figure 6-6. Class diagram: user details service
InMemoryDaoImpl is suitable for quick prototyping and testing. For real-world use, you
need to use JdbcDaoImpl or provide a custom implementation. The UserDetailsService
also needs to be wired up in the Spring application context, as shown in Listing 6-10.
Search WWH ::

Custom Search