concept UserDetails contract in category spring
This is an excerpt from Manning's book Spring Security in Action MEAP V07.
Figure 3.2 Dependencies between the components involved in user management. The UserDetailsService returns the details of a user finding the user by its name. The UserDetails contract describes the user. A user has one or more authorities ( represented by the GrantedAuthority interface). The UserDetailsManager contract extends UserDetailsService to add operations with the user, such as create, delete or change of its password.
In this section, you’ll write your first implementation of the UserDetails contract. We’ll start with a basic implementation in which each method returns a static value. Once you’ve done this, we change it to a version that is more probable to find in a practical scenario and which allows you to have multiple different instances of users. Now that you know how to implement the UserDetails and the GrantedAuthority interfaces, we can already write the simplest definition of a user for an application. With a class that I would name a DummyUser, let’s implement a minimal description of a user. I use this class mainly as a demonstration of implementing the methods for the contract. Instances of this class always refer to only one user: “bill” which has the password “12345” and an authority named “READ”.
Listing 3.2 The DummyUser class is a straightforward implementation of the UserDetails contract
public class DummyUser implements UserDetails { @Override public String getUsername() { return "bill"; } @Override public String getPassword() { return "12345"; } // Omitted code }