Home/ Questions/Q 9206001
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T00:05:02+00:00

I’m using Spring Security (v3.1.3) for X.509 authentication in my web-application. Users and roles

  • 0

I’m using Spring Security (v3.1.3) for X.509 authentication in my web-application. Users and roles are stored in the Database, but I don’t actually need to do it, as CNs of client certificates conform to “[ROLE] – [USERNAME]” schema, which means I already have username and role from the certificate itself. So how to eliminate the database without too much effort? Should I write my own implementation of user-service, which will populate UserDetails, or is there more graceful method?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Yes, the simplest option is probably to write a custom AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>. The implementations would be something like this:

    UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token) {
    X509Certificate certificate = (X509Certificate[)token.getCredentials();

    // Extract what you want from the certificate
    ...

    // Create the user information
    UserDetails user = ...

    return user;
}

    You should be able to use a reference to this bean directly in the user-service-ref namespace attribute <x509 user-service-ref='yourUserServiceBean' />.

    • 0