Configure Users
Learn how to configure Spring Security to register all users that need access to our system.
Demos are nice. As stated in the last section, they’re a great way to quickly pitch something to our CTO, for example.
When it’s time to get real, we need something a little more scalable. There are other ways to register the users that need access to our system. Odds are pretty good, however, that our Security Ops team will want to manage that repository with separate tools.
Imagine that the Security team’s user management tool is also based on MongoDB. It could be any other data store. The fundamental concept of storing a collection of users along with their passwords and roles is the same.
While Spring Security has multiple ways to hard code a collection of these users, it’s simply easier to connect to a live data store. It’s simple to do, and there won’t be any growing pains when we transition from the concept to its concrete implementation.
Because we’ve been using MongoDB throughout this course, we’ll continue doing so here.
Create a User type
To start things off, we need to define our User type as following:
public class User {private @Id String id; // 1private String name;private String password;private List<String> roles;private User() {} // 2public User(String id, String name, String password, List<String> roles) { // 3this.id = id;this.name = name;this.password = password;this.roles = roles;}public User(String name, String password, List<String> roles) { // 4this.name = name;this.password = password;this.roles = roles;}// just put the rest (getters/setters/etc) here}
Here’s a breakdown of the code above:
-
In line 3, we flag the key field using Spring Data Commons’
@Idannotation. ...