Java Reference
In-Depth Information
</property>
</bean>
<bean name="daoAuthenticationProvider"
class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
</beans>
In this case I am going to use a data access object-based authentication provider:
DaoAuthenticationProvider
. This provider assumes that the user's identity is stored in a
relational database. To retrieve this information, it employs a data access object. The
DAO is configured using the
userDetailsService
property.
The principal and credential combination fetched from the database is matched
with the one passed by the provider manager in the
Authentication
object. If there's a
successful match, an
Authentication
object with the user role list will be passed to the
provider manager. A failure results in an
AuthenticationException
being raised, indicating
a failed identity validation.
The DAOs used by the
DaoAuthenticationProvider
should implement the
UserDetailsService
interface. This again is a single method interface and defines the
method
loadUserByUsername
. Spring Security provides two ready-made implementations
of this interface, as shown in Figure 6-6.
Figure 6-6.
Class diagram: user details service
InMemoryDaoImpl
is suitable for quick prototyping and testing. For real-world use, you
need to use
JdbcDaoImpl
or provide a custom implementation. The
UserDetailsService
also needs to be wired up in the Spring application context, as shown in Listing 6-10.
