Comments (5)
I want to work on this issue. Could you please let me know what is the motivation behind this overload?
from spring-security.
HI @jtroussard, can you elaborate more on why do you need that? I'm assuming that you are associating ids to your users and want to load them using that id, if so, this is a specific use-case and that is not something that the framework can do for you, since different applications will have different business needs.
from spring-security.
Yup Sorry! @marcusdacoregio I had this all written up and didn't hit the submit button:
Hi Team
I'm still relatively new to the spring/spring-boot world. I'm working on a web applications authentication/access control workflow and was curious about this class.
If our application doesn't have unique username, this makes implementing this method, tricky or impossible.
Does it make sense to add another method to access the target user, with perhaps a signature like this?
Originally I had user by ID, obviously that was an oversight on my part, I wanted user by email.
public UserDetails loadUserById(Long memberId) throws UsernameNotFoundException
public UserDetails loadUserByEmail(String email) throws UsernameNotFoundException
Seems like it wouldn't be a far fetched thought to consider username names don't HAVE to be unique, so now I'm second guessing myself and might be misunderstanding this class and the best practices for user access (to a dynamic account page for example) and authentication.
from spring-security.
What prevents you from implementing the UserDetailsService.findByUsername
but passing the emailaddress
. The username
here is more or less the identifying username you fill into the login name for the authentication (or extract from a token etc.). So it doesn't have to map to a username
property in your user table/entity but can map to anything.
from spring-security.
@mdeinum is right. Usually you would pass the email as the username parameter. If it doesn't satisfy your needs, consider implementing your own AuthenticationProvider
that does not depend on a UserDetailsService
.
I'll close this since there is another alternatives to satisfy your need and I don't feel that the framework should do anything different here.
from spring-security.
Related Issues (20)
- Resolving invalid CSRF token values is not consistent
- Resolving invalid CSRF token values is not consistent
- Resolving invalid CSRF token values is not consistent
- Exclude url form OAuth2 security authentication HOT 1
- Oauth2 maximumSessions did not work HOT 3
- DispatcherServletDelegatingRequestMatcher causes errors when running tests with MockMvc
- DispatcherServletDelegatingRequestMatcher causes errors when running tests with MockMvc
- Incorrect documentation for OIDC Back-Channel Logout
- Session Cookie name cannot be changed in OIDC back channel logout handler HOT 2
- Support extracting nested authorities in JwtGrantedAuthoritiesConverter HOT 1
- CookieRequestCache should set SameSite on the REDIRECT_URI cookie HOT 1
- Clarify the behavior of Concurrent Session Management when an IdP is involved
- default SpringOpaqueTokenIntrospector always returns empty authorities HOT 1
- Documentation clarification after #12783 has been closed is needed. HOT 1
- hasAuthority and custom Mono<Boolean> method in @PreAuthorize leads to ConverterNotFoundException error HOT 2
- AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc
- AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc
- Incorrect documentation for OIDC Back-Channel Logout
- Security Context is not updating HOT 5
- Fail when any filter chain declared after an AnyRequestMatcher filter chain HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-security.