org.springframework.security.provisioning
Class JdbcUserDetailsManager

java.lang.Object
  extended by org.springframework.dao.support.DaoSupport
      extended by org.springframework.jdbc.core.support.JdbcDaoSupport
          extended by org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
              extended by org.springframework.security.provisioning.JdbcUserDetailsManager
All Implemented Interfaces:
InitializingBean, UserDetailsService, GroupManager, UserDetailsManager

public class JdbcUserDetailsManager
extends JdbcDaoImpl
implements UserDetailsManager, GroupManager

JDBC user management service, based on the same table structure as its parent class, JdbcDaoImpl.

Provides CRUD operations for both users and groups. Note that if the enableAuthorities property is set to false, calls to createUser, updateUser and deleteUser will not store the authorities from the UserDetails or delete authorities for the user. Since this class cannot differentiate between authorities which were loaded for an individual or for a group of which the individual is a member, it's important that you take this into account when using this implementation for managing your users.

Since:
2.0
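
The caveat above has a concrete consequence when enableGroups is on: a UserDetails returned by loadUserByUsername carries individual and group authorities merged together, so handing it straight back to updateUser stores the group-derived ones as per-user authorities. The subclass below is an added example, not Spring Security's own code; the class name and its setUserEnabled method are hypothetical, and it assumes rolePrefix is left at its default empty value.

```java
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.JdbcUserDetailsManager;

/**
 * Hypothetical subclass (added example, not part of Spring Security).
 * Changes the enabled flag of an account without turning authorities the
 * user only holds through a group into authorities stored for the user.
 */
public class DirectAuthorityUserDetailsManager extends JdbcUserDetailsManager {

    public void setUserEnabled(String username, boolean enabled) {
        // With enableGroups on, this result mixes the user's own authorities
        // with those of every group the user belongs to.
        UserDetails loaded = loadUserByUsername(username);

        // Inherited from JdbcDaoImpl: reads only the per-user authority rows.
        // Assumption: rolePrefix is empty, so the names read here are the
        // names stored in the table and can be written back unchanged.
        List<GrantedAuthority> direct = loadUserAuthorities(username);

        // Rebuild the user with the direct authorities only, keeping the
        // stored password and the remaining account flags as loaded.
        UserDetails toStore = new User(
                username,
                loaded.getPassword(),
                enabled,
                loaded.isAccountNonExpired(),
                loaded.isCredentialsNonExpired(),
                loaded.isAccountNonLocked(),
                direct);

        // With enableAuthorities on, updateUser replaces the user's stored
        // authorities with the list carried by the UserDetails passed in.
        updateUser(toStore);
    }
}
```

Removing the user from a group afterwards then actually revokes the group's authorities, because no copy of them was written to the user's own authority rows.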

Field Summary
static String DEF_CHANGE_PASSWORD_SQL
static String DEF_CREATE_USER_SQL
static String DEF_DELETE_GROUP_AUTHORITIES_SQL
static String DEF_DELETE_GROUP_AUTHORITY_SQL
static String DEF_DELETE_GROUP_MEMBER_SQL
static String DEF_DELETE_GROUP_MEMBERS_SQL
static String DEF_DELETE_GROUP_SQL
static String DEF_DELETE_USER_AUTHORITIES_SQL
static String DEF_DELETE_USER_SQL
static String DEF_FIND_GROUP_ID_SQL
static String DEF_FIND_GROUPS_SQL
static String DEF_FIND_USERS_IN_GROUP_SQL
static String DEF_GROUP_AUTHORITIES_QUERY_SQL
static String DEF_INSERT_AUTHORITY_SQL
static String DEF_INSERT_GROUP_AUTHORITY_SQL
static String DEF_INSERT_GROUP_MEMBER_SQL
static String DEF_INSERT_GROUP_SQL
static String DEF_RENAME_GROUP_SQL
static String DEF_UPDATE_USER_SQL
static String DEF_USER_EXISTS_SQL
protected org.apache.commons.logging.Log logger
 
Fields inherited from class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
DEF_AUTHORITIES_BY_USERNAME_QUERY, DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY, DEF_USERS_BY_USERNAME_QUERY, messages
 
Constructor Summary
JdbcUserDetailsManager()
           
 
Method Summary
 void addGroupAuthority(String groupName, GrantedAuthority authority)
          Assigns a new authority to a group.
 void addUserToGroup(String username, String groupName)
          Makes a user a member of a particular group.
 void changePassword(String oldPassword, String newPassword)
          Modify the current user's password.
 void createGroup(String groupName, List<GrantedAuthority> authorities)
          Creates a new group with the specified list of authorities.
protected Authentication createNewAuthentication(Authentication currentAuth, String newPassword)
 void createUser(UserDetails user)
          Create a new user with the supplied details.
 void deleteGroup(String groupName)
          Removes a group, including all members and authorities.
 void deleteUser(String username)
          Remove the user with the given login name from the system.
 List<String> findAllGroups()
          Returns the names of all groups that this group manager controls.
 List<GrantedAuthority> findGroupAuthorities(String groupName)
          Obtains the list of authorities which are assigned to a group.
 List<String> findUsersInGroup(String groupName)
          Locates the users who are members of a group.
protected void initDao()
 void removeGroupAuthority(String groupName, GrantedAuthority authority)
          Deletes an authority from those assigned to a group.
 void removeUserFromGroup(String username, String groupName)
          Deletes a user's membership of a group.
 void renameGroup(String oldName, String newName)
          Changes the name of a group without altering the assigned authorities or members.
 void setAuthenticationManager(AuthenticationManager authenticationManager)
 void setChangePasswordSql(String changePasswordSql)
 void setCreateAuthoritySql(String createAuthoritySql)
 void setCreateUserSql(String createUserSql)
 void setDeleteUserAuthoritiesSql(String deleteUserAuthoritiesSql)
 void setDeleteUserSql(String deleteUserSql)
 void setFindAllGroupsSql(String findAllGroupsSql)
 void setUpdateUserSql(String updateUserSql)
 void setUserCache(UserCache userCache)
          Optionally sets the UserCache if one is in use in the application.
 void setUserExistsSql(String userExistsSql)
 void updateUser(UserDetails user)
          Update the specified user.
 boolean userExists(String username)
          Check if a user with the supplied login name exists in the system.
 
Methods inherited from class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
addCustomAuthorities, createUserDetails, getAuthoritiesByUsernameQuery, getEnableAuthorities, getEnableGroups, getRolePrefix, getUsersByUsernameQuery, isUsernameBasedPrimaryKey, loadGroupAuthorities, loadUserAuthorities, loadUserByUsername, loadUsersByUsername, setAuthoritiesByUsernameQuery, setEnableAuthorities, setEnableGroups, setGroupAuthoritiesByUsernameQuery, setRolePrefix, setUsernameBasedPrimaryKey, setUsersByUsernameQuery
 
Methods inherited from class org.springframework.jdbc.core.support.JdbcDaoSupport
checkDaoConfig, createJdbcTemplate, getConnection, getDataSource, getExceptionTranslator, getJdbcTemplate, initTemplateConfig, releaseConnection, setDataSource, setJdbcTemplate
 
Methods inherited from class org.springframework.dao.support.DaoSupport
afterPropertiesSet
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.springframework.security.core.userdetails.UserDetailsService
loadUserByUsername
 

Field Detail

DEF_CREATE_USER_SQL

public static final String DEF_CREATE_USER_SQL
See Also:
Constant Field Values

DEF_DELETE_USER_SQL

public static final String DEF_DELETE_USER_SQL
See Also:
Constant Field Values

DEF_UPDATE_USER_SQL

public static final String DEF_UPDATE_USER_SQL
See Also:
Constant Field Values

DEF_INSERT_AUTHORITY_SQL

public static final String DEF_INSERT_AUTHORITY_SQL
See Also:
Constant Field Values

DEF_DELETE_USER_AUTHORITIES_SQL

public static final String DEF_DELETE_USER_AUTHORITIES_SQL
See Also:
Constant Field Values

DEF_USER_EXISTS_SQL

public static final String DEF_USER_EXISTS_SQL
See Also:
Constant Field Values

DEF_CHANGE_PASSWORD_SQL

public static final String DEF_CHANGE_PASSWORD_SQL
See Also:
Constant Field Values

DEF_FIND_GROUPS_SQL

public static final String DEF_FIND_GROUPS_SQL
See Also:
Constant Field Values

DEF_FIND_USERS_IN_GROUP_SQL

public static final String DEF_FIND_USERS_IN_GROUP_SQL
See Also:
Constant Field Values

DEF_INSERT_GROUP_SQL

public static final String DEF_INSERT_GROUP_SQL
See Also:
Constant Field Values

DEF_FIND_GROUP_ID_SQL

public static final String DEF_FIND_GROUP_ID_SQL
See Also:
Constant Field Values

DEF_INSERT_GROUP_AUTHORITY_SQL

public static final String DEF_INSERT_GROUP_AUTHORITY_SQL
See Also:
Constant Field Values

DEF_DELETE_GROUP_SQL

public static final String DEF_DELETE_GROUP_SQL
See Also:
Constant Field Values

DEF_DELETE_GROUP_AUTHORITIES_SQL

public static final String DEF_DELETE_GROUP_AUTHORITIES_SQL
See Also:
Constant Field Values

DEF_DELETE_GROUP_MEMBERS_SQL

public static final String DEF_DELETE_GROUP_MEMBERS_SQL
See Also:
Constant Field Values

DEF_RENAME_GROUP_SQL

public static final String DEF_RENAME_GROUP_SQL
See Also:
Constant Field Values

DEF_INSERT_GROUP_MEMBER_SQL

public static final String DEF_INSERT_GROUP_MEMBER_SQL
See Also:
Constant Field Values

DEF_DELETE_GROUP_MEMBER_SQL

public static final String DEF_DELETE_GROUP_MEMBER_SQL
See Also:
Constant Field Values

DEF_GROUP_AUTHORITIES_QUERY_SQL

public static final String DEF_GROUP_AUTHORITIES_QUERY_SQL
See Also:
Constant Field Values

DEF_DELETE_GROUP_AUTHORITY_SQL

public static final String DEF_DELETE_GROUP_AUTHORITY_SQL
See Also:
Constant Field Values

logger

protected final org.apache.commons.logging.Log logger

Constructor Detail

JdbcUserDetailsManager

public JdbcUserDetailsManager()

Method Detail

initDao

protected void initDao()
                throws ApplicationContextException
Overrides:
initDao in class JdbcDaoImpl
Throws:
ApplicationContextException

createUser

public void createUser(UserDetails user)
Description copied from interface: UserDetailsManager
Create a new user with the supplied details.

Specified by:
createUser in interface UserDetailsManager

updateUser

public void updateUser(UserDetails user)
Description copied from interface: UserDetailsManager
Update the specified user.

Specified by:
updateUser in interface UserDetailsManager

deleteUser

public void deleteUser(String username)
Description copied from interface: UserDetailsManager
Remove the user with the given login name from the system.

Specified by:
deleteUser in interface UserDetailsManager

changePassword

public void changePassword(String oldPassword,
                           String newPassword)
                    throws AuthenticationException
Description copied from interface: UserDetailsManager
Modify the current user's password. This should change the user's password in the persistent user repository (database, LDAP, etc.) and should also modify the current security context to contain the new password.

Specified by:
changePassword in interface UserDetailsManager
Parameters:
oldPassword - current password (for re-authentication if required)
newPassword - the password to change to
Throws:
AuthenticationException

createNewAuthentication

protected Authentication createNewAuthentication(Authentication currentAuth,
                                                 String newPassword)

userExists

public boolean userExists(String username)
Description copied from interface: UserDetailsManager
Check if a user with the supplied login name exists in the system.

Specified by:
userExists in interface UserDetailsManager

findAllGroups

public List<String> findAllGroups()
Description copied from interface: GroupManager
Returns the names of all groups that this group manager controls.

Specified by:
findAllGroups in interface GroupManager

findUsersInGroup

public List<String> findUsersInGroup(String groupName)
Description copied from interface: GroupManager
Locates the users who are members of a group.

Specified by:
findUsersInGroup in interface GroupManager
Parameters:
groupName - the group whose members are required
Returns:
the usernames of the group members

createGroup

public void createGroup(String groupName,
                        List<GrantedAuthority> authorities)
Description copied from interface: GroupManager
Creates a new group with the specified list of authorities.

Specified by:
createGroup in interface GroupManager
Parameters:
groupName - the name for the new group
authorities - the authorities which are to be allocated to this group.

deleteGroup

public void deleteGroup(String groupName)
Description copied from interface: GroupManager
Removes a group, including all members and authorities.

Specified by:
deleteGroup in interface GroupManager
Parameters:
groupName - the group to remove.

renameGroup

public void renameGroup(String oldName,
                        String newName)
Description copied from interface: GroupManager
Changes the name of a group without altering the assigned authorities or members.

Specified by:
renameGroup in interface GroupManager

addUserToGroup

public void addUserToGroup(String username,
                           String groupName)
Description copied from interface: GroupManager
Makes a user a member of a particular group.

Specified by:
addUserToGroup in interface GroupManager
Parameters:
username - the user to be given membership.
groupName - the name of the group to which the user will be added.

removeUserFromGroup

public void removeUserFromGroup(String username,
                                String groupName)
Description copied from interface: GroupManager
Deletes a user's membership of a group.

Specified by:
removeUserFromGroup in interface GroupManager
Parameters:
username - the user
groupName - the group to remove them from

findGroupAuthorities

public List<GrantedAuthority> findGroupAuthorities(String groupName)
Description copied from interface: GroupManager
Obtains the list of authorities which are assigned to a group.

Specified by:
findGroupAuthorities in interface GroupManager

removeGroupAuthority

public void removeGroupAuthority(String groupName,
                                 GrantedAuthority authority)
Description copied from interface: GroupManager
Deletes an authority from those assigned to a group.

Specified by:
removeGroupAuthority in interface GroupManager

addGroupAuthority

public void addGroupAuthority(String groupName,
                              GrantedAuthority authority)
Description copied from interface: GroupManager
Assigns a new authority to a group.

Specified by:
addGroupAuthority in interface GroupManager

setAuthenticationManager

public void setAuthenticationManager(AuthenticationManager authenticationManager)

setCreateUserSql

public void setCreateUserSql(String createUserSql)

setDeleteUserSql

public void setDeleteUserSql(String deleteUserSql)

setUpdateUserSql

public void setUpdateUserSql(String updateUserSql)

setCreateAuthoritySql

public void setCreateAuthoritySql(String createAuthoritySql)

setDeleteUserAuthoritiesSql

public void setDeleteUserAuthoritiesSql(String deleteUserAuthoritiesSql)

setUserExistsSql

public void setUserExistsSql(String userExistsSql)

setChangePasswordSql

public void setChangePasswordSql(String changePasswordSql)

setFindAllGroupsSql

public void setFindAllGroupsSql(String findAllGroupsSql)

setUserCache

public void setUserCache(UserCache userCache)
Optionally sets the UserCache if one is in use in the application. This allows the user to be removed from the cache after updates have taken place to avoid stale data.

Parameters:
userCache - the cache used by the AuthenticationManager.