Embedding Spring Security in the ZK + Spring Framework + Hibernate: Part Three

Good day to all. This is the end of a series of articles (one and two ) about implementing Spring Security into a web application written in ZK. In the last post, we assumed the mechanism for checking the correctness of the login and password by overriding the protected UserDetails retrieveUser method from the inherited class AbstractUserDetailsAuthenticationProvider.
Let's go the other way. Let's put a check on the login-password compliance on one of the important interfaces of the Spring Security system - on the UserDetailsService , which loads user data through the loadUserByUsername method.

We implement this interface in the UserDetailsServiceImpl class:

package com.sample.service; import java.util.ArrayList; import java.util.Collection; import java.util.List; import java.util.Set; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.GrantedAuthorityImpl; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; import com.sample.data.Role; @SuppressWarnings("deprecation") @Service("userDetailsService") @Transactional public class UserDetailsServiceImpl implements UserDetailsService { @Autowired public ISecur userDao; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user; List<com.sample.data.User> listUser = userDao.findAllUsers(); if (listUser.size() == 0) { throw new UsernameNotFoundException("    "); } com.sample.data.User person = getUser(listUser, username); if (person == null) { throw new UsernameNotFoundException(" "); } else { user = new User(person.getUsername(), person.getPassword(), true, true, true, true, getAuthorities((Set<Role>) person.getRoleList())); } return user; } private com.sample.data.User getUser(List<com.sample.data.User> lp, String userName) { com.sample.data.User pers = null; for (com.sample.data.User p : lp) { if (userName.equals(p.getUsername())) { pers = p; } } return pers; } private Collection<GrantedAuthority> getAuthorities(Set<Role> set) { Collection<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(); for (Role role : set) { authList.add(new GrantedAuthorityImpl(role.getName())); } return authList; } @SuppressWarnings("deprecation") private Collection<GrantedAuthority> getAuthorities(String grant_name) { Collection<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(); authList.add(new GrantedAuthorityImpl("ROLE_USER")); return authList; } } 

The next step will be to change the configuration of authentication-manager, which is described in the spring-config.xml file. Instead of lines:

  <security:authentication-manager> <security:authentication-provider ref="userDetailsService"> </security:authentication-provider> </security:authentication-manager> 

write the following:

  <security:authentication-manager> <security:authentication-provider user-service-ref="userDetailsService"/> </security:authentication-manager> <security:authentication-manager> 

Now that's it.
PS I hope it was interesting, and if there are any questions like Spring Security or ZK, then ask, I will try to answer all!
Thanks for attention