UserDetails « Security « Spring Q&A





1. Spring Security UserDetails Best Practice    stackoverflow.com

I am using my own implementation of the UserDetailsService interface to load a User object from the Database and place it as UserDetail into my SecurityContext. The User object is then ...

2. Spring security - Spring doesn't check on isAccountNonLocked for UserDetails on correct login    stackoverflow.com

I'm using Spring 2.5.6 and Spring security 2.0. For login attempts I implements the UserDetails class on my User class. So the User class implements isAccountNonLocked() after a wrong login (dispatch the ...

3. Opensso login and UserDetails    stackoverflow.com

I'm using opensso and headers. When I go to index page everything works fine, but on second page this Details user = (Details) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); turns into String instead of Object. org.springframework.web.util.NestedServletException: Request processing ...

4. Spring Security returning guest instead of UserDetails for Authentication.getPrincipal()    stackoverflow.com

I'm trying to implement spring security 3.1.0.M1 and I'm unable to get my application to set the Authentication.getPrincipal to my custom UserDetails implementation. It always returns a principal of "guest" ...

5. Spring 3 Security error with org.acegisecurity.userdetails.jdbc.JdbcDaoImpl    stackoverflow.com

I just started to program with Spring 3 MVC Validation with Hibernate and MYSQL. I would like to add Spring Security to my project. in MySql I do have ...

6. Spring Security: do UserDetails and UserDetailsService exist in every kind of application which uses Spring Security?    stackoverflow.com

Ive got a question to Spring Security 3.0.5. When using Spring Security to secure web application, does a "UserDetails"-Object always exist? I mean, does every kind of application (even in other systems ...

7. Get UserDetails object from Security Context in Spring MVC controller    stackoverflow.com

I'm using Spring Security 3 and Spring MVC 3.05. I would like to print username of currently logged in user,how can I fetch UserDetails in my Controller?

@RequestMapping(value="/index.html", method=RequestMethod.GET)
    public ...

8. Spring Security how to update userDetails without log in    stackoverflow.com

I'm new to Spring Security. I've implemented UserDetails to create my own user. I also have my custom userDetailsService. And everything works now, but I neen to update information about my user ...

9. Loading UserDetails by username and password in spring security?    stackoverflow.com

I'm pretty new to Spring Security and have run into a problem, hope someone here help: DaoAuthenticationProvider retrieves a user by username ONLY (when you implement UserDetailsService.loadUserByUsername(String username), but my problem is ...





10. Example of custom implementation of UserDetails    stackoverflow.com

i am looking for an example of making custom UserDetails object in spring security 3 and i was hoping if anyone can help, thanks.

11. Unsure how to modify userDetailsService to allow for custom userDetails but keep datasource    stackoverflow.com

what i am trying to do is i'm following this http://www.theserverside.com/tip/-Spring-Security-Customizing-Your-User-and-Authorization-in website to attempt to customise the UserDetails so i can retrieve more fields regarding to the user... as far ...

12. UserDetails.getAuthorities never executed    forum.springsource.org

UserDetails.getAuthorities never executed I'm trying to implement spring security 3.1.0.M1 and I'm unable to get my application to set the Authentication.getPrincipal to my custom UserDetails implementation. It always returns a principal ...

13. Acegi, UserDetails    forum.springsource.org

I have created a custom UserDetails implementation that contains my existing User object, as well as the user name, pass, ect. Is there any way that I can access that object ...

14. synchronizing access to UserDetails (SecurityContext)?    forum.springsource.org

synchronizing access to UserDetails (SecurityContext)? Hello, Ive got some questions to the use of SecurityContext/SecurityContextHolder (and HttpSession). I read, that the SecurityContext is stored as an HttpSession attribute between HTTP requests. ...

15. how to display userdetails in jspx page    forum.springsource.org

how to display userdetails in jspx page Hi, I am implemented to store userdetails in database after that i give edit option to the user in this i created another domain ...

16. Storing Objects with UserDetails-Implementation (or HttpSession) - Serializable?    forum.springsource.org

Storing Objects with UserDetails-Implementation (or HttpSession) - Serializable? Hello together, Ive got a question: do objects which are stored as additional information as member-variables in an individual UserDetails-Implementation (or as attributes ...





17. remember-me without UserDetails    forum.springsource.org

remember-me without UserDetails Hello, here is my security configuration: Code:

18. x509 with separate userdetails and access-denied-handler    forum.springsource.org

x509 with separate userdetails and access-denied-handler I am using x509 client certs with spring security 3.0.7. I authenticate with the client certs and then get user authorities from a ldap server. ...

19. HibernateStatistics available just for entity which implements UserDetails    forum.springsource.org

HibernateStatistics available just for entity which implements UserDetails When I check hibernate statistics service in jconsole for my Spring MVC application I only have statistics for one entity that implements UserDetails ...

20. How do i handle my UserDetails User object being null after tomcat restart.    forum.springsource.org

How do i handle my UserDetails User object being null after tomcat restart. How do i handle the following. A user is logged in successfully and they use the website for ...

21. Invalid property principal.getUsername() function is still in UserDetails... why?    forum.springsource.org

Invalid property principal.getUsername() function is still in UserDetails... why? Code: SEVERE: Servlet.service() for servlet jsp threw exception org.springframework.beans.NotReadablePropertyException: Invalid property 'principal.getUsername()' of bean class [org.springframework.security.authentication.UsernamePasswordAuthenticationToken]: Bean property 'principal.getUsername()' is not readable ...

22. Encorporating Custom UserDetails    forum.springsource.org

Hi I cannot find anywhere in the docs or this forum where it is possible to either a) add properties to UserDetails or b) (what I really want todo) use my ...

23. Best practice for userDetails and PasswordAuthenticationDao?    forum.springsource.org

Best practice for userDetails and PasswordAuthenticationDao? I'm looking for some opinions on how to best implement a custom UserDetails when creating a custom PasswordAuthenticationDao especially when using Hibernate. My existing User ...

24. How do I get at my UserDetails object from my controllers?    forum.springsource.org

Once Acegi has grabbed my custom UserDetails object from the database and validated it, how can I get at it again from later in my processing, i.e. a SimpleFormController. I've been ...

25. Using a Hibernate UserDetails    forum.springsource.org

Using a Hibernate UserDetails This has been giving me problems for months now, and I'm thinking that there has to be a recommended way to do this. The problem is that, ...

26. CAS authentication and UserDetails    forum.springsource.org

Hi, I don't understand why UsernamePasswordAuthenticationToken overrides getDetails() method and provides UserDetails instance and a similar implementation CasAuthenticationToken does not override getDetails() method and has its own getUserDetails(). Could you explain ...

27. custom UserDetails and User    forum.springsource.org

I'm extreemly new to Acegi and am trying to get to grips with it. basically i am trying to find documentation on wiring up my own User or UserDetails object that ...

28. PrincipalAcegiUserToken hides original UserDetails    forum.springsource.org

PrincipalAcegiUserToken hides original UserDetails I'm using a container authentication adapter (JBoss) that uses PrincipalAcegiUserToken internally. While the adapter has access to the authenticated Authorization object, it doesn't have a way of ...

29. Can't receive custom UserDetails impl with RemoteAuthenticationManagerImpl    forum.springsource.org

I'm working on client-server app with swing ui, and use Spring Remoting and Acegi. On the client side I do the following to authenticate user: Code: UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userName, ...

30. CAS and UserDetails    forum.springsource.org

I had the same problem when using a Third-party application that used Acegi for security. It expected UserDetails to be available in the getAuthentication but CAS is different so I actually ...

31. How to get UserDetails from SecurityContextHolder?    forum.springsource.org

Hi, i have my own implementation of UserDetails for authentication and authorization with Acegi. This works fine. my Problem is, that if the User authenticates i think there should be a ...

32. populate other ldap attributes into UserDetails    forum.springsource.org

Hi everybody, How can i set other ldap attributes (sn, adress...) into my UserDetails Implementation. Do i have to extends LdapAuthenticationProvider ? I 'm juste able to retrieve the username and ...

33. Accessing Acegi UserDetails From Spring    forum.springsource.org

Accessing Acegi UserDetails From Spring Sorry, this should probably go in the Acegi forum (thought this was that). --- Hello, I'm attempting to plug Acegi into a JSF+Spring application using SiteMinder ...

34. Accessing UserDetails From Spring    forum.springsource.org

Accessing UserDetails From Spring Hello, I'm attempting to plug Acegi into a JSF+Spring application using SiteMinder for authentication. I've gotten everything configured with the modification to DaoAuthenticationProvider mentioned in the Reference ...

35. Custom UserDetails, UserDetailsService impl fails to getPrincipal as expected.    forum.springsource.org

Custom UserDetails, UserDetailsService impl fails to getPrincipal as expected. Ok, before flaming me, I searched and searched this and other forums. No matter what I try getPrincipal only returns a String. ...

36. I don't understand about Principal and UserDetails ??    forum.springsource.org

I don't understand about Principal and UserDetails ?? Hi all and particularly Ben Alex !!! I am reading reference guide for version 1.0.0 Acegi Security. On page with number 10 show ...

37. UserDetails classnotfound exception    forum.springsource.org

UserDetails classnotfound exception Hi, I'm trying to use acegi with an existing web application built using Spring. I'm pretty new to Acegi so please bare with me here I have the ...

38. Userdetails for an unauthenticated user in ApplicationListener    forum.springsource.org

Userdetails for an unauthenticated user in ApplicationListener i need to lock the user after n login attempts. i have read the posting related to this topic. still unclear as to what's ...

39. Adding UserDetails to every ModelAndView    forum.springsource.org

Adding UserDetails to every ModelAndView Hi, i have spent many hours searching this forum, but I couldn't find a solution which worked for me. One reason for sure is, that I ...

40. UserDetails cached?    forum.springsource.org

I am looking for a way to force acegi to go back to the database to check the users roles when a certain condition is hit. (So that the user won't ...

41. UserDetails immutable    forum.springsource.org

UserDetails immutable I note from the documentation on UserDetails that: "Concrete implementations should be immutable (value object semantics, like a String). This is because the UserDetails will be stored in caches ...

42. Confused about UserDetails    forum.springsource.org

So I have the inMemory security working fine. Now I want to authenticate through users stored in the database. Am I correct in that I need to use the UserDetails interface? ...

43. locked/disabled in UserDetails    forum.springsource.org

44. Access UserDetails object while session is expiring    forum.springsource.org

I have a requirement to write the user's username to a log file when their HTTP session expires (after 30 minutes of inactivity). However, whenever I call Code: SecurityContextHolder.getContext().getAuthentication().getPrincipal(); From within ...

45. AutoWire UserDetails from LDAP    forum.springsource.org

Is it possible to use Spring's AutoWiring ability to automatically populate extensions to LdapUserDetails using data from LDAP Attributes? I figured this would be possible, since this is a Spring sub-project, ...

46. TokenBasedRememberMeServices and UserDetails    forum.springsource.org

Hello, I'm using acegi 1.0.4. I have a question about TokenBasedRememberMeServices. The userDetails object is created from the injected userDetailsService in line 165 Code: userDetails = this.userDetailsService.loadUserByUsername(cookieTokens[0]); In line 205-207 Code: ...

47. SQLException when using org.acegisecurity.userdetails.jdbc.JdbcDaoImpl    forum.springsource.org

SQLException when using org.acegisecurity.userdetails.jdbc.JdbcDaoImpl The configure is like this: SELECT username, password, 'true' as enabled FROM ouruser WHERE username=? ...

48. Forcing a UserDetails to be the current user?    forum.springsource.org

I have a dialog that allows a user to create a new account. After the account has been created successfully, I'd like to tell Acegi to recognize that user as being ...

49. Acegi / LDAP / UserDetails    forum.springsource.org

Acegi / LDAP / UserDetails Hey guys, I'm just curious to know what the recommended method of retrieving additional settings from LDAP would be. I have my application successfully authenticating via ...

50. newbie stuck with org.acegisecurity.userdetails.jdbc.JdbcDaoImpl    forum.springsource.org

newbie stuck with org.acegisecurity.userdetails.jdbc.JdbcDaoImpl Hi, I am a newbie to acegi in spring, I have created my usersByUsernameQuery, but just get log in errors, I am running my app in jetty ...

51. order of status checking on UserDetails appears to leak information    forum.springsource.org

order of status checking on UserDetails appears to leak information After Acegi obtains a UserDetails instance, it proceeds to verify the various status operations by calling the isAccountNonLocked(), isEnabled(), isAccountNonExpired() methods ...

52. X509Provider doesn't check UserDetails for expired, locked, or disabled?    forum.springsource.org

X509Provider doesn't check UserDetails for expired, locked, or disabled? Checking through the source code for the X509Provider I noticed that it does not check if the UserDetails object loaded in authenticate ...

53. passwordEncoder, UserDetails holds the encoded password, bug or intended ?    forum.springsource.org

When passwordEncoder is used user object saves the encoded password, not the raw password passed. Is it a ...

54. Hwo to clear persisted UserDetails? (v1)    forum.springsource.org

Hwo to clear persisted UserDetails? (v1) I am running Acegi 1.x, and when I restart Tomcat it is persisting the current user sessions (UserDetails) to disk somewhere. When I restart Tomcat ...

55. Only one UserDetails allowed: why?    forum.springsource.org

Only one UserDetails allowed: why? Hi, Trying to upgrade to Spring Security on an Appfuse based project I'm running into a problem where I have a UserDetails interface applied and Appfuse ...

56. Array of online UserDetails    forum.springsource.org

Array of online UserDetails When I'm trying to get all online users from SessionRegistry with Code: sessionRegistry.getAllPrincipals() I get an array of strings. But I'm using my user-service with my own ...

57. Under what circumstances does getPrincipal return an Object instead of UserDetails?    forum.springsource.org

Reading through the documentation one more time, it struck me that this code is very odd: Code: Object obj = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); if (obj instanceof UserDetails) { String username = ((UserDetails)obj).getUsername(); } ...

58. Adding authorities on the fly - better to do it in Authentication, or in UserDetails?    forum.springsource.org

Adding authorities on the fly - better to do it in Authentication, or in UserDetails? Hi again, I saw a couple of suggestions elsewhere on this forum that the correct way ...

59. Getting UserDetails from Custom PasswordEncoder    forum.springsource.org

Getting UserDetails from Custom PasswordEncoder Hello, I am writing a custom PasswordEncoder and I was wondering if there was a way to access the entire UserDetails object from the isPasswordValid method ...

61. Finding an alternative to use an id or some sort instead of UserDetails    forum.springsource.org

I have a UserDetails object that I use in setting the RememberMeAuthenticationToken. Is there a way of setting the RememberMeAuthenticationToken by passing in a sessionId instead of the passing in the ...

62. UserDetails object - SecurityContext    forum.springsource.org

UserDetails object - SecurityContext I was wondering if someone could give me a hint as to the next steps I need to take: I have a UserDetails object that I have ...

63. Accessing customized UserDetails data from webflow    forum.springsource.org

Hi all, I have customized user details service to have give a custom data object containing information like, company, email other than username,etc. Now I want to access this information inside ...

64. UserDetails in Controller    forum.springsource.org

Hi everyone, I have a custom UserDetails object which i am using fine at the moment. I need to get access to the UserDetails object in a controller. Should I be ...

65. LDAP custom UserDetails    forum.springsource.org

LDAP custom UserDetails Hi - sorry to have to post this, but I've become rather confused. I am using namespace config to successfully log in via LDAP. This is my current ...

66. Why does SaltSource requires UserDetails object?    forum.springsource.org

The documentation for that method says "Returns the salt to use for the indicated user" so that implies to me that it's calling one or more of the getters on the ...

67. Appending app specific user info to UserDetails?    forum.springsource.org

Appending app specific user info to UserDetails? I'm designing a web application that will employ Spring Security, and my basic assumption is that most deployments will employ their own authentication mechanisms/providers. ...

68. Extending userdetails.User    forum.springsource.org

Extending userdetails.User Hi, I want my userDetails.User to have more information than password and username...etc I wan to include menuPage in this user. So what I did is extend the userDetails ...

69. Mulitple UserDetails/Contexts    forum.springsource.org

Mulitple UserDetails/Contexts Hello, Just wondering if this is possible or if I should look at an alternative solution... I have an application that is in a multi-tentant like configuration with the ...

70. Access to CredentialsNonExpired in UserDetails via Security Tag Library    forum.springsource.org

Access to CredentialsNonExpired in UserDetails via Security Tag Library I am trying to access the CredentialsNonExpired in UserDetails via the Security Tag Library for JSP. When I use the tag as ...

71. Access Session-scope bean in UserDetails    forum.springsource.org

Access Session-scope bean in UserDetails Hello, I am trying to create a web application where a user must answer "Yes" to a question, before being able to access the other parts ...

72. UserDetails Best Practice    forum.springsource.org

UserDetails Best Practice In my application I have a User Domain Model that is used by the UserDetailsService to retrieve the user information from the database. The User is mapped my ...

73. Form-based login with UserDetails service    forum.springsource.org

Hi I'm trying to use form-based login with UserDetails service. Can someone explain how to do the following, 1. How to create custom form/controller that is compatible spring security? 2. How ...

74. custom Userdetails with Ldap    forum.springsource.org

custom Userdetails with Ldap Hi, i guess that someone already had this problem, but i felt like i wrote everything about this without finding my way so i ask for help ...

75. Custom UserDetails as a principal in EJB    forum.springsource.org

Hi all, In EJB3 implementation there is a way of calling to a Principal through SessionContext. But this one is instance of com.sun.enterprise.deployment.PrincipalImpl. I'm using spring security in my application with ...

76. How do perople support UserDetails.isEnabled?    forum.springsource.org

How do perople support UserDetails.isEnabled? The UserDetails interface declares a boolean isEnabled() method. The classes that implement it have ways of setting an instance enabled variable; the User class has constructors ...

77. Setting up custom userdetails    forum.springsource.org

Setting up custom userdetails Hey there, I just got started using Spring security and need some help customizing it. I have it up and running against a database with the default ...

78. Extending UserDetails    forum.springsource.org

I use a properties-file to store my user information. The app is just for demonstration purposes, so I want to keep it simple and don't use a db or ldap. Code: ...

79. Custom UserDetails - Please Help Newbie!    forum.springsource.org

Custom UserDetails - Please Help Newbie! Hi, I am new to Spring and have been struggling trying to get to grips with how I can create or overide the default login ...

80. Want remember-me to return UserDetails    forum.springsource.org

Want remember-me to return UserDetails I have Spring Security 3.0 working with an Alfresco CMS back-end (which was not easy since Alfresco won't give you back passwords, even hashed ones). I ...

81. Accessing Extended UserDetails in JSP    forum.springsource.org

Accessing Extended UserDetails in JSP Hi, I have a class called AuthenticatedUser which is created when overiding the jdbcDaoImpl method loadUserByUsername, and which contains some additional information I require about the ...

82. Hmm, my UserDetails class can't see a finder method in an entity class    forum.springsource.org

Hmm, my UserDetails class can't see a finder method in an entity class So, one of my entity classes is one to one with a User, so I am creating a ...

83. Reload/Update custom UserDetails without logging out    forum.springsource.org

I'm using Spring Security 3 with CAS to manage my authentication. I have a requirement where I need to update my custom UserDetails object. This currently holds the authorities and user ...

84. Where to set additional properties for custom UserDetails    forum.springsource.org

Hi, I am using the ldap provider. I also need to validate that this user is created in a relational database and store a primary key in my UserDetails. I did ...

85. java.lang.NoClassDefFoundError: net/sf/acegisecurity/providers/dao/UserDetails proble    forum.springsource.org

java.lang.NoClassDefFoundError: net/sf/acegisecurity/providers/dao/UserDetails proble Hi, I included acegi-security-1.0.7.jar and acegi-security-catalina-1.0.7.jar (done this without the acegi-security-catalina-1.0.7.jar also), but I get the error: java.lang.NoClassDefFoundError: net/sf/acegisecurity/providers/dao/UserDetails I checked the jar and it cannot find this ...

86. Why does UserDetails extend Serializable?    forum.springsource.org

Isn't that a decision for each application? Now I need to hassle with serialVersionUID all over the place. I am still new to the Java world....can someone enlighten me?

87. UserDetails.getPassword    forum.springsource.org

Please pardon me if the question is really stupid, but just out of need I do not want to store user password in the session-wide available userdetails implementation object. java.lang.String getPassword() ...

88. SAML: Populating the UserDetails object    forum.springsource.org

I have successfully implemented the SAML extenstion to my project. But I cannot figure out how to populate my UserDetails object. I read the documentation Vladimir Schfer wrote about this, but ...

89. New to Spring - Custom Authentication with UserDetails    forum.springsource.org

If you are using the latest version, this configuration should give an error. You can't use "ref" and "user-service-ref" together. Use one or the other. You can use multiple elements ...

90. Spring doesnt check on isAccountNonLocked for UserDetails on correct login    forum.springsource.org

Spring doesnt check on isAccountNonLocked for UserDetails on correct login I'm using Spring 2.5.6 and Spring security 2.0. For login attempts I implements the UserDetails class on my User class. So ...

91. Accessing UserDetails object in Controller    forum.springsource.org

Hi All, I'm using spring security 3. I wanted to know how to access the custom UserDetails object in the controller. Previously there was SecurityContextHolder.getContext()....... for this but I'm not able ...

92. UserDetails data stored in ContextHolder    forum.springsource.org

UserDetails data stored in ContextHolder Hi, I created my own implementation of UserDetails and UserDetailsService. But I don't know how this will work. I want to store with username and credentials ...

93. Custom UserDetails    forum.springsource.org

Custom UserDetails Hello, I have been stumped for days. I am trying to use Spring Security 3.0.0 to authenticate against a MySQL database using Hibernate 3 (with annotations). I have implemented ...

94. How to pass object between AuthenticationHandler and UserDetails on different applica    forum.springsource.org

How to pass object between AuthenticationHandler and UserDetails on different applica Hi there, 1. I have CAS server running on tomcat machine1. AuthenticationHandler in the deployerConfigContext.xml is customized to talk to ...

95. userDetails boolean properties    forum.springsource.org

The UserDetails interface has four calls to inquire if the user information has expired, has been locked, if the credentials have been expired and if the information is enabled or not. ...

96. Custom userdetails not called after upgrade    forum.springsource.org

Custom userdetails not called after upgrade Hi, I'm trying to upgrade to Spring Security 3.0.3 and when I got the application running it seems like it isn't calling my custom user ...

97. Principal binds a Principal, but not *the* (UserDetails) Principal    forum.springsource.org

Principal binds a Principal, but not *the* (UserDetails) Principal Not sure if I'm doing something unusual, or just have the wrong expectations, or just posting a warning/info to others... binding a ...