2

I am new to Spring and trying to develop some REST API. I have two types of users: Sellers and Customers. Each has a separate model, DAO class and table in MySQL database and I am using Hibernate to access it.

I have come across various tutorials, such as: http://www.mkyong.com/spring-security/spring-security-hibernate-annotation-example/ , and answers on this site, but I am still not sure how I can implement this for multiple user types.

I was thinking about using different URLs for each login, i.e. /sellerlogin and /customerlogin, but I am not sure exactly how this would work and how I can get different UserDetails object based on the URL. What is the best way to go about this? Any links to references, tutorials, examples and other relevant answers would be greatly appreciated as I am pretty clueless when it comes to Spring Security.

Hydar77
  • 187
  • 1
  • 2
  • 9

1 Answers1

0

I would say that in most cases, it is easiest to have a single login page. To make it simple, you should not allow a seller and a customer to have the same username.

You can distinguish sellers and customers by giving them different authorities, like ROLE_SELLER and ROLE_CUSTOMER.

You need to implement and inject a custom UserDetailsService that queries your DAOs.

holmis83
  • 15,922
  • 5
  • 82
  • 83