1
votes

I just want to ask if it is possible to use other properties excluding username & password of a domain class for logging in?

For example I have a Person domain class that has a one-to-one relationship to Account domain class. And I want to authenticate my user using their firstName & birthDate properties found in Person domain class.

Is there a configuration that I can do to make this possible?

1

1 Answers

2
votes

Yes. That's possible.

You have to write a customized authentication-provider, in which you may take parameters you like to do the authentication.

As an example, you may have something like this:

public class MyUserDetailsService implements UserDetailsService{
    @Override
    public UserDetails loadUserByUsername(String username){
        //You have to override this method to have your desired action
        //If those criteria are not satisfied you may return null
        //Otherwise have an UserDetails filled and returned
        org.springframework.security.core.userdetails.User userDetails = new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), user.getIsActive(), true, true, true, getAuthorities(user));
        return userDetails

    }

And in your bean configuration, use your own authentication-provider like this:

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider user-service-ref="myUserDetailsService"/>
</sec:authentication-manager>