Authentication with Spring Security with usersByUsernameQuery...

Question

Combination of corporateId and username is unique for us in the user table.

I know spring provide a mechanism to write custom query for the authentication.

<bean id="authenticationDao"
    class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
    <property name="dataSource" ref bean="dataSource" />
    <property name="usersByUsernameQuery">
        <value>
            SELECT username,password,enabled
            FROM User WHERE username=? and corporateId=?
        </value>
    </property>
</bean>

But problem here is we have two bind variables in the query instead of one. I am not sure how do I use spring security framework with this db structure. Primary key of User table is UserId. Is there any to put preprocessor before calling authenticate method by which I can fetch userId by the combination of username and corporateId and then use this SELECT username,password,enabled FROM User WHERE userid=? query.

Any help would be highly appericated.

Answer 1

If default JdbcDaoImpl doesn't meet your needs, you may implement your own UserDetailsService:

<bean id="authenticationDao" 
    class="... your implementation class ..." />

Answer 2

I think you need your own authentication provider since you plan on attempting to match against username, password AND corporate id, the userDetailsService returns the object once the authentication is successful.

take a look at this question and answer, I think it will lead you down the right path

http://stackoverflow.com/questions/448204/creating-a-custom-authentication-with-acegi-spring-security