Spring Security user account registration, creation and management

3

19

I've been looking into using Spring Security for the authentication/authorization of my web application (this will be JDBC based).

However, a core component seems to be left out from my perspective. How do I register/create new users? Is there an out of the box API for that?

Do I need to write user registration and management from scratch? Things I need to do include:
- Registering a new user
- Resetting passwords
- Emailing a user to activate their account
- Emailing a user to reset their account.

Thank you in advance.

Leeward answered 21/12, 2011 at 23:56 Comment(1)
#23562766 – Persecute
9

I use Spring Security on my project. The framework does not have an API for user creation or registration as you asked. For Spring Security to be generic and usable across multiple frameworks, it can only take you so far before you have to write custom code. You can't really get a more specific answer about a framework or tool to use because at this point you will just use the frameworks you are already using anyway.

If you've set it up to use users and roles in your database, from your data access layer you would create a record in the user table or update a password (preferably stored as a hash) in that record. And as Aravind said, Spring does provide email support.

If you really want to see one way to do it: I'm using Spring MVC, JSP, and Hibernate. I use Spring's form tags in a JSP to bind a new user form to a Person object, and my controller method passes that Person object to my Dao to persist it.

The controller method signature looks like this...

@RequestMapping(value = "/newUser", method = RequestMethod.POST)
public ModelAndView createNewUser(final @Valid @ModelAttribute Person user,
                                  final BindingResult result,
                                  final SessionStatus status,
                                  final @RequestParam(value = "unencodedPassword", required = true) String password) {
        ...
        user.getRoles().add(new Role(user, Role.APPLICATION_ROLE.ROLE_USER));
        userDao.createNewUser(user);
        ...
}

and my PersonDao would use Hibernate to persist the user like so

@Transactional
public void createNewUser(Person user)
{
    Session session = sessionFactory.getCurrentSession();
    session.save(user);
    session.flush();
}
Katey answered 22/12, 2011 at 13:9 Comment(2)
Thanks for the information. However, do you have a recommendation on an API/Framework/Tool to handle user creation/registration outside of Spring? Or do you recommend I write one from scratch? – Leeward
Yes, I recommend you write one from scratch. To give you a sense of how much you have to write, to register a new user I have maybe a dozen lines of JSP, a dozen lines in a Spring MVC controller, and just a few lines in a DAO. Spring Security gets you most of the way there; you should have to write very little code to finish it. The reason there's no API to handle user creation outside of Spring is that you'll just use whatever technologies you're already using, like JSP or JSF, and Hibernate or JDBC. – Katey
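The registration step described in this answer (create the user record, store the password as a hash), extended to the e-mail activation the question asks about, as an added example that is not code from the answers or from Spring Security. It assumes Spring Security's default JDBC tables `users` and `authorities`; the `RegistrationService` class and the `activation_tokens` table are hypothetical, and the table stores only a digest of each token.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.sql.Timestamp;
import java.util.Base64;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.transaction.annotation.Transactional;

// Hypothetical service; activation_tokens(username, token_hash, expires_at) is an assumed table.
public class RegistrationService {
    private final JdbcTemplate jdbc;
    private final PasswordEncoder encoder; // e.g. BCryptPasswordEncoder

    public RegistrationService(JdbcTemplate jdbc, PasswordEncoder encoder) {
        this.jdbc = jdbc;
        this.encoder = encoder;
    }

    // Creates a disabled account and returns the one-time token to e-mail to the user.
    @Transactional
    public String register(String username, String rawPassword) {
        jdbc.update("INSERT INTO users (username, password, enabled) VALUES (?, ?, ?)",
                username, encoder.encode(rawPassword), false); // only the hash is stored
        jdbc.update("INSERT INTO authorities (username, authority) VALUES (?, ?)", username, "ROLE_USER");
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG
        new SecureRandom().nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        jdbc.update("INSERT INTO activation_tokens (username, token_hash, expires_at) VALUES (?, ?, ?)",
                username, sha256(token), new Timestamp(System.currentTimeMillis() + 24 * 3600 * 1000L));
        return token;
    }

    // Enables the account for an unexpired token; deleting the row makes the token single-use.
    @Transactional
    public boolean activate(String username, String token) {
        int used = jdbc.update(
                "DELETE FROM activation_tokens WHERE username = ? AND token_hash = ? AND expires_at > ?",
                username, sha256(token), new Timestamp(System.currentTimeMillis()));
        return used == 1 && jdbc.update("UPDATE users SET enabled = ? WHERE username = ?", true, username) == 1;
    }

    private static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }
}
```

Because the account is inserted with `enabled = false`, Spring Security's JDBC authentication rejects logins for it until `activate` succeeds.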
1

As far as I know, Spring Security does not have built-in support for new user creation and registration. You will have to manage this yourself. However, it does have emailing support. Check here for more on this.

Cribbage answered 22/12, 2011 at 6:38 Comment(2)
Thanks for the information. However, do you have a recommendation on an API/Framework/Tool to handle user creation/registration outside of Spring? Or do you recommend I write one from scratch? – Leeward
You could get some good widgets built with jQuery and integrate them with Spring. You could also base your login on OpenID, but in the end nothing comes with built-in functionality. You'll have to code it in. – Aravind A 11 hours ago – Cribbage
1

Have a look at my answer here.

"I have implemented a JAVA project for this use case. It is open source, based on Spring-Security. A release version is on Maven-Central, so you do not need to compile it, but instead you can fetch it as maven-dependency to your project!"

<dependency>
     <groupId>com.ohadr</groupId>
     <artifactId>authentication-flows</artifactId>
     <version>1.5.0-RELEASE</version> 
</dependency>
Persecute answered 21/5, 2014 at 20:10 Comment(0)
