Skip to content

Configure Users With inMemoryUserDetailsManager#

Configure Users With inMemoryUserDetailsManager#

#zoom

  • As in Configure Users With inMemoryAuthentication, we knew how to create users by inMemoryAuthentication. Now, we will deep dive a little bit by creating users by inMemoryUserDetailsManager which by default provided by the spring security when we want to store user details inside memory of our application.
  • By default we have inMemoryUserDetailsManager is an implementation of UserDetailsManager which extended from UserDetailsService. So we have to ensure that we have to build the UserDetails that we want to use for our application.
UserDetailsService.java
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
//  
// Source code recreated from a .class file by IntelliJ IDEA  
// (powered by FernFlower decompiler)  
//  

package org.springframework.security.core.userdetails;  

public interface UserDetailsService {  
    UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;  
}
UserDetailsManager.java
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by FernFlower decompiler)
//

package org.springframework.security.provisioning;

import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;

public interface UserDetailsManager extends UserDetailsService {
    void createUser(UserDetails user);

    void updateUser(UserDetails user);

    void deleteUser(String username);

    void changePassword(String oldPassword, String newPassword);

    boolean userExists(String username);
}
InMemoryUserDetailsManager.java
1
2
3
4
5
public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetailsPasswordService {

    ...............

}
ProjectSecurityConfig.java
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
package com.spring.security.spring.security.inMemoryUserDetailsManager.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
public class ProjectSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     *
     * contact: Not Secure
     * notice: Not Secure
     * balance: Secure
     * Card: Secure
     * Loan: Secure
     * Account: Secure
     *
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/v1/accounts/**").authenticated()
                .antMatchers("/v1/balance").authenticated()
                .antMatchers("/v1/loan").authenticated()
                .antMatchers("/v1/card").authenticated()
                .antMatchers("/v1/contact").permitAll()
                .antMatchers("/v1/notice").permitAll()
                .and().formLogin()
                .and().httpBasic();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager();
        UserDetails user1 = User.withUsername("admin").password("12345").authorities("admin").build();
        UserDetails user2 = User.withUsername("user").password("12345").authorities("admin").build();
        userDetailsManager.createUser(user1);
        userDetailsManager.createUser(user2);
        auth.userDetailsService(userDetailsManager);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

}
  • As you can see, we will create a new InMemoryUserDetailsManager then we create new UserDetails with username, password and authorities and set it into InMemoryUserDetailsManager. Finally, we set the InMemoryUserDetailsManager into AuthenticationManagerBuilder. It's mean we has just provided the custom UserDetails Service (InMemoryUserDetailsManager) for AuthenticationManagerBuilder.
  • So the step for UserDetails Service by InMemoryUserDetailsManager has done. Then we will need to configure the default PasswordEncoder. So we will create a bean for the PasswordEncoder as you can see in the code so the Spring Security will load it as the default PasswordEncoder.
  • Now we have InMemoryUserDetailsManager and PasswordEncoder so, let's start the application and call api for checking. You should see the result as the image below.

#zoom

See Also#

References#