I am trying to develop a user management tool using Waffle to perform Windows authentication with Spring Security. Unfortunately, the only thing that provides me is the authentication part.

I would like to assign a role to a particular user session in order to limit a user's privileges. Each username is stored in a database along with their associated role. How can I get Spring Security to query my database and load the associated role to the session, so that I can use the @PreAuthorize(hasRole(role)) annotation in my controller to restrict access to certain actions?

Edit: Thanks for your answer, but I don't think that's quite what I am looking for. So I have made some progress (I think). For my authentication provider I have created my own custom GrantedAuthorityFactory as a property of my waffleSpringAuthenticationProvider as follows:

<bean id="waffleSpringAuthenticationProvider" class="waffle.spring.WindowsAuthenticationProvider">
    <property name="AllowGuestLogin" value="false" />
    <property name="PrincipalFormat" value="fqn" />
    <property name="RoleFormat" value="both" />
    <property name="AuthProvider" ref="waffleWindowsAuthProvider" />
    <property name="grantedAuthorityFactory" ref ="simpleGrantedAuthorityFactory"/>
    <!--  -->

</bean>

The grantedAuthorityFactory code is as follows:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

import waffle.spring.GrantedAuthorityFactory;
import waffle.windows.auth.WindowsAccount;

public class SimpleGrantedAuthorityFactory implements GrantedAuthorityFactory{

    private final String PREFIX;
    private final boolean CONVERT_TO_UPPER_CASE;

    @Autowired
    @Qualifier(value = "jdbcRoleDao")
    private JdbcRoleDao jdbcRoleDao;


    public SimpleGrantedAuthorityFactory(String prefix, boolean convertToUpperCase)
    {
        PREFIX = prefix;
        CONVERT_TO_UPPER_CASE = convertToUpperCase;
    }

    @Override
    public GrantedAuthority createGrantedAuthority(WindowsAccount windowsAccount) {

        System.out.println("Username: "+windowsAccount.getFqn());
        String grantedAuthorityString = windowsAccount.getFqn();

        String grantedAuthority = jdbcRoleDao.getRole(grantedAuthorityString);
        return new SimpleGrantedAuthority(PREFIX+grantedAuthority);
    }

}

Now when I run the program and try to log in, the login fails. When I remove my custom factory property from the config file, the login is completed successfully with no assigned roles. I'm not sure if this is important, but windowsAccount.getFqn() is not returning the correct username that I enter on my login form. Is there something I'm missing from my factory class?

Kyle Bauer

1 Answer

You have two options:

  • Configure JdbcDaoImpl as your UserDetailsService if you use the provided DB schema.

    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="yourDataSource" />
        </authentication-provider>
    </authentication-manager>
    
  • Write and configure your own UserDetailsService if you use a custom DB schema.

    <authentication-manager>
        <authentication-provider user-service-ref="idOfYourCustomUserDetailsService" />
    </authentication-manager>
    
Maksym Demidas
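
The second option above, written out as an added example (not code from the answer, Waffle or Spring Security): a custom UserDetailsService that loads the role from a custom schema and fails closed when no role is found. The class name, the `app_users` table and its column names are assumptions.

```java
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Map;

import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Hypothetical class for illustration; table and column names are assumed.
public class DbRoleUserDetailsService implements UserDetailsService {

    // Assumed schema: app_users(username, password_hash, role)
    private static final String SQL =
        "SELECT password_hash, role FROM app_users WHERE username = :username";

    private final NamedParameterJdbcTemplate jdbc;

    public DbRoleUserDetailsService(NamedParameterJdbcTemplate jdbc) {
        this.jdbc = jdbc;
    }

    @Override
    public UserDetails loadUserByUsername(String username) {
        // Bound parameter: the login name is never concatenated into the SQL.
        List<Map<String, Object>> rows =
            jdbc.queryForList(SQL, Collections.singletonMap("username", username));

        // Fail closed: an unknown or duplicated user is rejected, not given a default role.
        if (rows.size() != 1) {
            throw new UsernameNotFoundException("No unique account for " + username);
        }
        Map<String, Object> row = rows.get(0);
        String role = (String) row.get("role");
        if (role == null || role.trim().isEmpty()) {
            throw new UsernameNotFoundException("No role assigned to " + username);
        }

        // hasRole('ADMIN') matches the authority "ROLE_ADMIN", so the prefix is added here.
        String authority = "ROLE_" + role.trim().toUpperCase(Locale.ROOT);
        // User's constructor rejects a null password, so a row without one also fails.
        return new User(username, (String) row.get("password_hash"),
                Collections.singletonList(new SimpleGrantedAuthority(authority)));
    }
}
```

Register the class as a bean and reference its id in `user-service-ref`, as in the second configuration above.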