Merge branch 'userdetailsservice-callback' into 'master'
feature: a callback interface allowing customization of UserDetailsService#loadUserByUsername
This pull request adds a callback interface that allows downstream projects to participate in one of the core Spring Security components of the `local-users` profile: the UserDetailsService.
During an authentication attempt, `UserDetailsService#loadUserByUsername` is used by Spring Security to first check if a User object exists for the username in the credentials. If no User object is found, no further credential check takes place; if a User object is found, other Spring Security components go about comparing the provided credentials in the authentication attempt to that object.
We have a use case in DoIT Number that is driving the need for this. DoIT Number has a custom `UWUserDetails` class that has some additional fields stored behind a DAO. If we didn't have this customization, DoIT Number would need to sub-class `LocalUserDetailsManagerImpl`, then somehow exclude that bean from the UWSpringSecurityConfiguration - not trivially possible.
The existing `LocalUserDetailsAttributesMapper` interface has a lifecycle that's not conducive to this type of request. Implementations of that interface are executed during application startup - and it is possible that the DAO may not be fully constructed at the time it's queried. We need a callback that fires at time of authentication attempt - not startup.
With this pull request, DoIT Number will simply have to register a Spring Bean as follows to query that DAO and attach the necessary data to their custom `UWUserDetails` class as part of `UserDetailsService#loadUserByUsername`:
```
@Component
class DNumberLocalUWUserDetailsCallback implements LocalUWUserDetailsCallback<DNumberUserDetailsImpl> {
@Autowired
private ControlDao controlDao;
public void success(DNumberUserDetailsImpl userDetails) {
userDetails.setControls(controlDao.getControls(userDetails.getUsername()));
}
}
```
This type of feature is only needed for `local-users` and not for `preauth`. The `PreauthenticatedUserDetailsAttributeMapper` interface has a lifecycle already similar to LocalUWUserDetailsCallback (firing on authentication attempt, not startup).
Notify @alundholm
See merge request !12
No related branches found
No related tags found
Showing
- pom.xml 1 addition, 1 deletionpom.xml
- uw-spring-security-config/pom.xml 1 addition, 1 deletionuw-spring-security-config/pom.xml
- uw-spring-security-core/pom.xml 1 addition, 1 deletionuw-spring-security-core/pom.xml
- uw-spring-security-core/src/main/java/edu/wisc/uwss/local/LocalUserDetailsAttributesMapper.java 9 additions, 0 deletions...edu/wisc/uwss/local/LocalUserDetailsAttributesMapper.java
- uw-spring-security-core/src/main/java/edu/wisc/uwss/local/LocalUserDetailsManagerImpl.java 19 additions, 1 deletion...java/edu/wisc/uwss/local/LocalUserDetailsManagerImpl.java
- uw-spring-security-core/src/main/java/edu/wisc/uwss/local/LocalUsersAuthenticationAttemptCallback.java 39 additions, 0 deletions...c/uwss/local/LocalUsersAuthenticationAttemptCallback.java
- uw-spring-security-core/src/main/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapper.java 3 additions, 0 deletions...s/preauth/PreauthenticatedUserDetailsAttributeMapper.java
- uw-spring-security-core/src/test/java/edu/wisc/uwss/local/LocalUserDetailsManagerImplTest.java 29 additions, 1 deletion.../edu/wisc/uwss/local/LocalUserDetailsManagerImplTest.java
- uw-spring-security-sample-war/pom.xml 1 addition, 1 deletionuw-spring-security-sample-war/pom.xml
- uw-spring-security-web/pom.xml 1 addition, 1 deletionuw-spring-security-web/pom.xml
Loading
Please register or sign in to comment