Home/ Questions/Q 8795975
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T23:30:47+00:00

My application is based on Spring 3, Hibernate 3, MySQL. I read the Spring

  • 0

My application is based on Spring 3, Hibernate 3, MySQL. I read the Spring Security document and learnt that I can implement Authentication as given below,

<authentication-manager>
   <authentication-provider>
    <jdbc-user-service data-source-ref="dataSource"

       users-by-username-query="
          select username,password, enabled 
          from users where username=?" 

       authorities-by-username-query="
          select u.username, ur.authority from users u, user_roles ur 
          where u.user_id = ur.user_id and u.username =?  " 

    />
   </authentication-provider>
</authentication-manager>

I understood above part but my concern is, in my application user table doesn’t only store the userName, password and enabled field. It also stores first and last name, emailID, phone etc. On successful authentication, I want next jsp to populate all user details automatically and not ask user the same information which it will ask to non-regirstered user.

  1. I want to use annotation based configuration and not xml based (unlike
    mentioned in spring 2.5 examples)
  2. spring document doesnt use hibernate for security. Should i use
    hibernate or jdbc-user-service? if hibernate then how?
  3. I saw couple of examples use customized UserService. Is that I need
    to do as well?

Can someone kindly advice with good examples? any references to other posts will help too.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As for now Spring Security is mostly configured without annotations, but you can use special XML namespace for simple customization of Spring Security.

    You need to implement your own UserDetailsService which will be responsible for loading details of the user from persistent store.

    UserDetailsService interface has just one method

    UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;

    After implementing and creating bean of your component you need to inject it:

    <authentication-manager>
   <authentication-provider user-service-ref="myUserDetailsService"/>
</authentication-manager>

    More in Spring Security Docs:

    http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#tech-userdetailsservice

    http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#nsa-authentication-provider

    If you don’t have information like enabled in your database, you will always have to put true value in your UserDetails object for that field.

    • 0