Spring 3.2 Security - Login with non-unique username and additional info

3
votes

The title tries to explain the scenario:

This customer has a login functionality that allows users with the same name but on different locations (stores).

At the login page the user informs userName, password and the required store.

Using Spring Security (with JPA) I created an UserDetailsService implementation but this interface always receive an userName (and the store was essential to differ from another users).

Giving this situation I have two questions:

  1. How do I inform the spring security about the additional field? (store)

  2. How do I implement an UserDetailsService with this info?

Is that even possible? I've been doing some research but the solutions weren't clear. Thank you guys, you are the best =D

1
javaspringspring-security
Did you managed to solve your problem ? - truekiller

1 Answers

1
votes

Your question is not all clear to me. Do you have a unique login for multiple stores? Then you don't need to give the store to your UserDetailsService implementation. I would simply load the user information using its username and if the users are not authorized for all the stores, you could use the GrantedAuthority to define where the users is authorized, e.g. ROLE_STORE_ID1, ROLE_STORE_ID2, etc.

If you have multiple stores where users are not shared, then you could simply create a configurable custom implementation of UserDetailsService, instantiate one per store and uses the correct instance depending on the store the user is accessing.

I hope this will help.