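<p>Looking at the requirements, I do not see much Spring Security design involved; this can be easily managed with a more or less basic Spring Security configuration. For the authentication part I would go with implementing the UserDetails and UserDetailsService interfaces, i.e. creating a custom authentication provider. UserDetails covers the domain model logic, representing a Spring Security-aware entity on this layer. This is usually combined with the application User entity, like this:</p>
<pre><code>import java.io.Serializable;
import java.util.HashSet;
import java.util.Set;

// javax.persistence on older stacks; jakarta.persistence with JPA 3 / Spring Boot 3+
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.Table;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

@Entity
@Table(name="APP_USER")
public class User implements Serializable, UserDetails {

    @Id
    @Column(name="ID")
    private Long id;

    @Column(name="IS_ACTIVE", nullable=false)
    private Boolean isActive;

    @Column(name="USERNAME", nullable=false, unique=true)
    private String username;

    @Column(name="PASSWORD", nullable=false)
    private String password;

    …

    @Override
    public String getPassword() {
        return password;
    }

    // All four account-status checks below are driven by the single IS_ACTIVE flag.
    @Override
    public boolean isEnabled() {
        return isActive;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return isActive;
    }

    @Override
    public boolean isAccountNonLocked() {
        return isActive;
    }

    @Override
    public boolean isAccountNonExpired() {
        return isActive;
    }

    // Every user is granted the single ROLE_USER authority.
    @Override
    public Set&lt;GrantedAuthority&gt; getAuthorities() {
        Set&lt;GrantedAuthority&gt; authorities = new HashSet&lt;GrantedAuthority&gt;();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        return authorities;
    }
}
</code></pre>
<p>Notice the number of overridden methods; this is a consequence of implementing UserDetails and is required for authentication to work properly.</p>
<p>UserDetailsService resides on the service layer and represents a Spring Security-compatible implementation of an authentication provider which works with UserDetails objects:</p>
<pre><code>import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
public class UserServiceImpl implements UserService, UserDetailsService {

    …

    @Override
    @Transactional(readOnly=true)
    public UserDetails loadUserByUsername(String username) {
        UserDetails user = userDao.getUserByUsername(username);
        // The UserDetailsService contract forbids returning null for an unknown user.
        if (user == null) {
            throw new UsernameNotFoundException("No user with the given username");
        }
        return user;
    }
}
</code></pre>
<p>Here too you are free to combine it with your services, for instance working with the application user entity. The example implies using a DAO to fetch UserDetails objects, which depends on your persistence framework.</p>
<p>Regarding protecting the images with passwords, I would not go with Spring Security for this, since to me it sounds more like a functional requirement than a security one.</p>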
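<p>The "basic Spring Security configuration" the answer refers to is not shown on the page. The following is an added example, not the answer author's code, of how the UserDetailsService and the ROLE_USER authority above connect to request authorization. It assumes Spring Security 6 with the lambda DSL; the class name SecurityConfig, the "/login" path and the choice of BCrypt are assumptions.</p>

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical configuration class; assumes Spring Security 6.
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // The value returned by User.getPassword() (the PASSWORD column) is checked
    // with this encoder, so the column must hold BCrypt hashes, never plaintext.
    // Whatever code creates users has to call passwordEncoder.encode(...) first.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // No explicit provider wiring is needed: when the context holds exactly one
    // UserDetailsService bean (UserServiceImpl, registered through @Service) and
    // one PasswordEncoder bean, Spring Security builds its DaoAuthenticationProvider
    // from them. That provider also evaluates isEnabled(), isAccountNonLocked(),
    // isAccountNonExpired() and isCredentialsNonExpired(), so a user whose
    // IS_ACTIVE flag is false is rejected even with a correct password.
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Assumed path: only the login page is reachable anonymously.
                .requestMatchers("/login").permitAll()
                // hasRole("USER") matches the "ROLE_USER" authority that
                // User.getAuthorities() returns; deny everything else.
                .anyRequest().hasRole("USER"))
            .formLogin(Customizer.withDefaults())
            .logout(Customizer.withDefaults());
        return http.build();
    }
}
```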
 
