SpringMVC 3 Spring Security Creating User Login

Question

I'm trying to use this tutorial to create a spring mvc user login page.

The tutorial is great but one thing is not clear, on the second page he talks about the UserRepository interface. The interface methods return User . What I'm confused about is of the User he's referring to is the User object part of the spring framework? The reason I ask if because I want to have an email address field which is not there in the User object which is part of the Spring security framework.

Also, in his implementation of the UserLoginService he has a method:

@Override
public User getLoggedUser() {
    User loggedUser = null;
    AuthenticationUserDetails userDetails = getLoggedUserDetails();
    if (userDetails != null) {            
        loggedUser = userRepository.findById(userDetails.getId());
    }
    return loggedUser;
}

the trouble is that the AuthenticationUserDetails does not have a getId() method, which makes me think he intends us to extend Spring's User to create our own Account entity or something.

I want to use Hibernate to create my Account and Role entities and so far every tutorial I've found seems to be before Spring MVC 3 or just giving bits and pieces.

Can anyone provide clarification on this or refer me to a good tutorial for User Login with Spring Security and SpringMVC?

Answer 1

The User is a Spring Security UserDetails object. If you want to extend the object to add more fields, implement the UserDetailsService interface and extend the UserDetails object with your own fields. Then configure Spring Security to use your service, as follows:

<security:authentication-manager>
    <security:authentication-provider user-service-ref="myDetailsService" />
</security:authentication-manager>