I hope this one is an easy one to fix.
What I would like to achieve is to use one login for both consumers and admins.
Here is what I currently have in the applicationContext-security.xml file:
<authentication-manager alias="authenticationManager">
    <!-- DAO Based Security -->
    <authentication-provider>
        <password-encoder hash="sha-256" />
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="SELECT A.user_name AS username, A.consumer_password AS password, A.enabled AS enabled FROM consumer A where A.user_name=?"
            authorities-by-username-query="SELECT A.username as username, A.password as password, R.name as authority FROM admin A, roles R WHERE A.roles=R.id AND A.username=?"/>
    </authentication-provider>
</authentication-manager>
The login works fine for any consumer, but I am unable to log in from any of the admin accounts.
SQL return for the admin account:
+----------+------------------------------------------------------------------+-----------+
| username | password                                                         | authority |
+----------+------------------------------------------------------------------+-----------+
| admin    | 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 | ADMIN     |
+----------+------------------------------------------------------------------+-----------+
SQL return for the consumer account:
+----------+------------------------------------------------------------------+---------+
| username | password                                                         | enabled |
+----------+------------------------------------------------------------------+---------+
| adam     | 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 |         |
+----------+------------------------------------------------------------------+---------+
If I understand correctly, consumer accounts are stored in the consumer table and admins are stored in the admin table. Why are you expecting that admins will be able to log in if in users-by-username-query you query only the consumers table and not the admin table?
I think the easiest way to accomplish it is to store both customers and admins in one table (let's say user). Then you can query that table in users-by-username-query to check if a user for that login exists (no matter customer or admin) and then check whether a user is a customer or admin by querying the roles table in authorities-by-username-query.
Let's say, the roles table may look something like that:
Then you can ask Spring Security at any time if the currently logged-in user is a customer or admin (see http://static.springsource.org/spring-security/site/docs/3.1.x/reference/technical-overview.html#core-components , section: Obtaining information about the current user).
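Added example (not part of the original question or answer): the single-table layout suggested above, written as a jdbc-user-service configuration. The table layout and the column names user.role_id and user.enabled are assumptions chosen for illustration; the password encoder is kept as in the question.

```xml
<!-- Added example, not the poster's configuration.
     Assumed schema (hypothetical names):
       user(username, password, enabled, role_id)   one row per consumer or admin
       roles(id, name)                              for example ADMIN, CONSUMER -->
<authentication-manager alias="authenticationManager">
    <authentication-provider>
        <!-- Encoder kept as in the question. -->
        <password-encoder hash="sha-256" />
        <!-- jdbc-user-service reads the result columns by position:
               users query:       username, password, enabled
               authorities query: username, authority
             Both queries must match the same login, otherwise the user is
             either not found or ends up with no granted authority.
             The enabled column must be true for the account to authenticate. -->
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="SELECT U.username, U.password, U.enabled FROM user U WHERE U.username = ?"
            authorities-by-username-query="SELECT U.username, R.name FROM user U JOIN roles R ON U.role_id = R.id WHERE U.username = ?" />
    </authentication-provider>
</authentication-manager>
```

Because the columns are read by position, an authorities query that returns (username, password, authority), as in the question, hands the second column (the password hash) to Spring Security as the role name.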