these for authentication:
-Authentication interface
-userDetails.UserDetails class
-userDetails.User class
But User and UserDetails only provides username and not more details about of logged in user.
I want to add some fields to logged in UserDetails such as ID and phone and etc.
I read a lot and see there is two way :
1. Create a UserBean Entity (corresponding to DB) and extends it from User or implements UserDetails.
And then create a service class that implements UserDetailsService and change loadByUsername method.
2. Create a custom Authentication class instead of security.core.Authentication
interface.
Which of these two way is better?
I can't say for sure. Custom Authentication provider is for more advanced scenarios when you want to do something really extraordinary when checking auth requests. Personally, I would use the first option as it is more straightforward and ready-to-use, and I'm familiar with it. I don't know much of your requirements to say what's better. What I would do, if I were you, and have no clear understanding what to choose, what fits better to your system: try to implement first option, add all necessary custom fields to your user, follow online tutorials (there are plenty of them). It shouldn't take too much effort. And then based on the result (or right in the middle of the process) understand whether something more custom is needed. And very personal thing that I would do: I would read a good book dedicated to spring security first. That is exactly what is needed for me to fill that gap "understand the common way, but not sure what to do in special cases". I have that gap, so don't take most of my advices as a holy grail))
Обсуждают сегодня