Class JdbcUserDetailsManager
java.lang.Object
  org.springframework.dao.support.DaoSupport
    org.springframework.jdbc.core.support.JdbcDaoSupport
      org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
        org.springframework.security.provisioning.JdbcUserDetailsManager
- All Implemented Interfaces:
org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, UserDetailsService, GroupManager, UserDetailsManager
JDBC user management service, based on the same table structure as its parent class, JdbcDaoImpl.
Provides CRUD operations for both users and groups. Note that if the enableAuthorities property is set to false, calls to createUser, updateUser and deleteUser will not store the authorities from the UserDetails or delete authorities for the user. Since this class cannot differentiate between authorities which were loaded for an individual or for a group of which the individual is a member, it's important that you take this into account when using this implementation for managing your users.
- Since:
- 2.0
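The caveat above matters most when a loaded user is passed back to updateUser: the UserDetails already contains group-derived authorities. The following is an added example, not code from the Spring Security project; the class GroupOnlyUserAdmin and its method names are hypothetical, and it assumes the group tables used by JdbcDaoImpl already exist in the DataSource and that the single-argument DataSource constructor is available.

```java
import java.util.List;
import javax.sql.DataSource;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.JdbcUserDetailsManager;

/** Hypothetical helper: every privilege is granted through group membership only. */
public final class GroupOnlyUserAdmin {
    private final JdbcUserDetailsManager manager;
    private final PasswordEncoder encoder;

    public GroupOnlyUserAdmin(DataSource dataSource, PasswordEncoder encoder) {
        this.manager = new JdbcUserDetailsManager(dataSource);
        this.manager.setEnableGroups(true);       // resolve authorities through the group tables
        this.manager.setEnableAuthorities(false); // never read or write per-user authorities
        this.encoder = encoder;
    }

    /** Creates the group if it is missing; authorities live on the group, not its members. */
    public void ensureGroup(String groupName, String... authorities) {
        if (!manager.findAllGroups().contains(groupName)) {
            List<GrantedAuthority> granted = AuthorityUtils.createAuthorityList(authorities);
            manager.createGroup(groupName, granted);
        }
    }

    /** Stores only the account row (encoded password), then grants privileges by membership. */
    public void provision(String username, String rawPassword, String groupName) {
        UserDetails account = User.withUsername(username)
                .password(encoder.encode(rawPassword))
                .authorities(AuthorityUtils.NO_AUTHORITIES)
                .build();
        manager.createUser(account);
        manager.addUserToGroup(username, groupName);
    }

    // Round-trips a loaded user through updateUser. The loaded UserDetails carries the
    // group-derived authorities; with enableAuthorities=false they are not written back
    // as direct grants, so a later removeUserFromGroup still revokes them.
    public void disable(String username) {
        UserDetails current = manager.loadUserByUsername(username);
        manager.updateUser(User.withUserDetails(current).disabled(true).build());
    }
}
```

With both enableGroups and enableAuthorities set to true, the same disable call would store the group-derived authorities as the user's own, which is the situation the class description asks you to account for.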
-
Field Summary
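Modifier and Type    Field
static final String  DEF_CREATE_USER_SQL
static final String  DEF_DELETE_USER_SQL
static final String  DEF_UPDATE_USER_SQL
static final String  DEF_INSERT_AUTHORITY_SQL
static final String  DEF_DELETE_USER_AUTHORITIES_SQL
static final String  DEF_USER_EXISTS_SQL
static final String  DEF_CHANGE_PASSWORD_SQL
static final String  DEF_FIND_GROUPS_SQL
static final String  DEF_FIND_USERS_IN_GROUP_SQL
static final String  DEF_INSERT_GROUP_SQL
static final String  DEF_FIND_GROUP_ID_SQL
static final String  DEF_INSERT_GROUP_AUTHORITY_SQL
static final String  DEF_DELETE_GROUP_SQL
static final String  DEF_DELETE_GROUP_AUTHORITIES_SQL
static final String  DEF_DELETE_GROUP_MEMBERS_SQL
static final String  DEF_RENAME_GROUP_SQL
static final String  DEF_INSERT_GROUP_MEMBER_SQL
static final String  DEF_DELETE_GROUP_MEMBER_SQL
static final String  DEF_GROUP_AUTHORITIES_QUERY_SQL
static final String  DEF_DELETE_GROUP_AUTHORITY_SQL
protected final org.apache.commons.logging.Log  logger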
Fields inherited from class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
DEF_AUTHORITIES_BY_USERNAME_QUERY, DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY, DEF_USERS_BY_USERNAME_QUERY, DEFAULT_USER_SCHEMA_DDL_LOCATION, messages
-
Constructor Summary
-
Method Summary
Modifier and Type, Method, Description
void addGroupAuthority(String groupName, GrantedAuthority authority)
    Assigns a new authority to a group.
void addUserToGroup(String username, String groupName)
    Makes a user a member of a particular group.
void changePassword(String oldPassword, String newPassword)
    Modify the current user's password.
void createGroup(String groupName, List<GrantedAuthority> authorities)
    Creates a new group with the specified list of authorities.
protected Authentication createNewAuthentication(Authentication currentAuth, String newPassword)
void createUser(UserDetails user)
    Create a new user with the supplied details.
void deleteGroup(String groupName)
    Removes a group, including all members and authorities.
void deleteUser(String username)
    Remove the user with the given login name from the system.
findAllGroups()
    Returns the names of all groups that this group manager controls.
findGroupAuthorities(String groupName)
    Obtains the list of authorities which are assigned to a group.
findUsersInGroup(String groupName)
    Locates the users who are members of a group.
protected void initDao()
protected List<UserDetails> loadUsersByUsername(String username)
    Executes the SQL usersByUsernameQuery and returns a list of UserDetails objects.
void removeGroupAuthority(String groupName, GrantedAuthority authority)
    Deletes an authority from those assigned to a group.
void removeUserFromGroup(String username, String groupName)
    Deletes a user's membership of a group.
void renameGroup(String oldName, String newName)
    Changes the name of a group without altering the assigned authorities or members.
void setAuthenticationManager(AuthenticationManager authenticationManager)
void setChangePasswordSql(String changePasswordSql)
void setCreateAuthoritySql(String createAuthoritySql)
void setCreateUserSql(String createUserSql)
void setDeleteGroupAuthoritiesSql(String deleteGroupAuthoritiesSql)
void setDeleteGroupAuthoritySql(String deleteGroupAuthoritySql)
void setDeleteGroupMemberSql(String deleteGroupMemberSql)
void setDeleteGroupMembersSql(String deleteGroupMembersSql)
void setDeleteGroupSql(String deleteGroupSql)
void setDeleteUserAuthoritiesSql(String deleteUserAuthoritiesSql)
void setDeleteUserSql(String deleteUserSql)
void setFindAllGroupsSql(String findAllGroupsSql)
void setFindGroupIdSql(String findGroupIdSql)
void setFindUsersInGroupSql(String findUsersInGroupSql)
void setGroupAuthoritiesSql(String groupAuthoritiesSql)
void setInsertGroupAuthoritySql(String insertGroupAuthoritySql)
void setInsertGroupMemberSql(String insertGroupMemberSql)
void setInsertGroupSql(String insertGroupSql)
void setRenameGroupSql(String renameGroupSql)
void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
    Sets the SecurityContextHolderStrategy to use.
void setUpdateUserSql(String updateUserSql)
void setUserCache(UserCache userCache)
    Optionally sets the UserCache if one is in use in the application.
void setUserExistsSql(String userExistsSql)
void updateUser(UserDetails user)
    Update the specified user.
boolean userExists(String username)
    Check if a user with the supplied login name exists in the system.
Methods inherited from class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
addCustomAuthorities, createUserDetails, getAuthoritiesByUsernameQuery, getEnableAuthorities, getEnableGroups, getMessages, getRolePrefix, getUsersByUsernameQuery, isUsernameBasedPrimaryKey, loadGroupAuthorities, loadUserAuthorities, loadUserByUsername, setAuthoritiesByUsernameQuery, setEnableAuthorities, setEnableGroups, setGroupAuthoritiesByUsernameQuery, setMessageSource, setRolePrefix, setUsernameBasedPrimaryKey, setUsersByUsernameQuery
Methods inherited from class org.springframework.jdbc.core.support.JdbcDaoSupport
checkDaoConfig, createJdbcTemplate, getConnection, getDataSource, getExceptionTranslator, getJdbcTemplate, initTemplateConfig, releaseConnection, setDataSource, setJdbcTemplate
Methods inherited from class org.springframework.dao.support.DaoSupport
afterPropertiesSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.security.core.userdetails.UserDetailsService
loadUserByUsername
-
Field Details
DEF_CREATE_USER_SQL
DEF_DELETE_USER_SQL
DEF_UPDATE_USER_SQL
DEF_INSERT_AUTHORITY_SQL
DEF_DELETE_USER_AUTHORITIES_SQL
DEF_USER_EXISTS_SQL
DEF_CHANGE_PASSWORD_SQL
DEF_FIND_GROUPS_SQL
DEF_FIND_USERS_IN_GROUP_SQL
DEF_INSERT_GROUP_SQL
DEF_FIND_GROUP_ID_SQL
DEF_INSERT_GROUP_AUTHORITY_SQL
DEF_DELETE_GROUP_SQL
DEF_DELETE_GROUP_AUTHORITIES_SQL
DEF_DELETE_GROUP_MEMBERS_SQL
DEF_RENAME_GROUP_SQL
DEF_INSERT_GROUP_MEMBER_SQL
DEF_DELETE_GROUP_MEMBER_SQL
DEF_GROUP_AUTHORITIES_QUERY_SQL
DEF_DELETE_GROUP_AUTHORITY_SQL
logger
protected final org.apache.commons.logging.Log logger
-
Constructor Details
-
JdbcUserDetailsManager
public JdbcUserDetailsManager()
-
JdbcUserDetailsManager
-
-
Method Details
-
initDao
protected void initDao() throws org.springframework.context.ApplicationContextException
- Overrides: initDao in class JdbcDaoImpl
- Throws: org.springframework.context.ApplicationContextException
-
loadUsersByUsername
Executes the SQL usersByUsernameQuery and returns a list of UserDetails objects. There should normally only be one matching user.
- Overrides: loadUsersByUsername in class JdbcDaoImpl
-
createUser
Description copied from interface: UserDetailsManager
Create a new user with the supplied details.
- Specified by: createUser in interface UserDetailsManager
-
updateUser
Description copied from interface: UserDetailsManager
Update the specified user.
- Specified by: updateUser in interface UserDetailsManager
-
deleteUser
Description copied from interface: UserDetailsManager
Remove the user with the given login name from the system.
- Specified by: deleteUser in interface UserDetailsManager
-
changePassword
Description copied from interface: UserDetailsManager
Modify the current user's password. This should change the user's password in the persistent user repository (database, LDAP etc).
- Specified by: changePassword in interface UserDetailsManager
- Parameters:
  oldPassword - current password (for re-authentication if required)
  newPassword - the password to change to
- Throws: AuthenticationException
-
createNewAuthentication
-
userExists
Description copied from interface: UserDetailsManager
Check if a user with the supplied login name exists in the system.
- Specified by: userExists in interface UserDetailsManager
-
findAllGroups
Description copied from interface: GroupManager
Returns the names of all groups that this group manager controls.
- Specified by: findAllGroups in interface GroupManager
-
findUsersInGroup
Description copied from interface: GroupManager
Locates the users who are members of a group.
- Specified by: findUsersInGroup in interface GroupManager
- Parameters:
  groupName - the group whose members are required
- Returns: the usernames of the group members
-
createGroup
Description copied from interface: GroupManager
Creates a new group with the specified list of authorities.
- Specified by: createGroup in interface GroupManager
- Parameters:
  groupName - the name for the new group
  authorities - the authorities which are to be allocated to this group.
-
deleteGroup
Description copied from interface: GroupManager
Removes a group, including all members and authorities.
- Specified by: deleteGroup in interface GroupManager
- Parameters:
  groupName - the group to remove.
-
renameGroup
Description copied from interface: GroupManager
Changes the name of a group without altering the assigned authorities or members.
- Specified by: renameGroup in interface GroupManager
-
addUserToGroup
Description copied from interface: GroupManager
Makes a user a member of a particular group.
- Specified by: addUserToGroup in interface GroupManager
- Parameters:
  username - the user to be given membership.
  groupName - the name of the group to which the user will be added.
-
removeUserFromGroup
Description copied from interface: GroupManager
Deletes a user's membership of a group.
- Specified by: removeUserFromGroup in interface GroupManager
- Parameters:
  username - the user
  groupName - the group to remove them from
-
findGroupAuthorities
Description copied from interface: GroupManager
Obtains the list of authorities which are assigned to a group.
- Specified by: findGroupAuthorities in interface GroupManager
-
removeGroupAuthority
Description copied from interface: GroupManager
Deletes an authority from those assigned to a group.
- Specified by: removeGroupAuthority in interface GroupManager
-
addGroupAuthority
Description copied from interface: GroupManager
Assigns a new authority to a group.
- Specified by: addGroupAuthority in interface GroupManager
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
- Since:
- 5.8
-
setAuthenticationManager
-
setCreateUserSql
-
setDeleteUserSql
-
setUpdateUserSql
-
setCreateAuthoritySql
-
setDeleteUserAuthoritiesSql
-
setUserExistsSql
-
setChangePasswordSql
-
setFindAllGroupsSql
-
setFindUsersInGroupSql
-
setInsertGroupSql
-
setFindGroupIdSql
-
setInsertGroupAuthoritySql
-
setDeleteGroupSql
-
setDeleteGroupAuthoritiesSql
-
setDeleteGroupMembersSql
-
setRenameGroupSql
-
setInsertGroupMemberSql
-
setDeleteGroupMemberSql
-
setGroupAuthoritiesSql
-
setDeleteGroupAuthoritySql
-
setUserCache
Optionally sets the UserCache if one is in use in the application. This allows the user to be removed from the cache after updates have taken place to avoid stale data.
- Parameters:
  userCache - the cache used by the AuthenticationManager.
-