diff --git a/core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java
index b0f17a9bb7..e4458b0d32 100644
--- a/core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java
+++ b/core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java
@@ -1,6 +1,7 @@
package org.springframework.security.config;
import org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager;
+import org.springframework.util.StringUtils;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.beans.factory.BeanDefinitionStoreException;
@@ -13,6 +14,9 @@ import org.w3c.dom.Element;
*/
public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServiceBeanDefinitionParser {
static final String ATT_DATA_SOURCE = "data-source-ref";
+ static final String ATT_USERS_BY_USERNAME_QUERY = "users-by-username-query";
+ static final String ATT_AUTHORITIES_BY_USERNAME_QUERY = "authorities-by-username-query";
+ static final String ATT_GROUP_AUTHORITIES_QUERY = "group-authorities-by-username-query";
protected Class getBeanClass(Element element) {
return JdbcUserDetailsManager.class;
@@ -29,5 +33,22 @@ public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
throw new BeanDefinitionStoreException(ATT_DATA_SOURCE + " is required for "
+ Elements.JDBC_USER_SERVICE );
}
+
+ String usersQuery = element.getAttribute(ATT_USERS_BY_USERNAME_QUERY);
+ String authoritiesQuery = element.getAttribute(ATT_AUTHORITIES_BY_USERNAME_QUERY);
+ String groupAuthoritiesQuery = element.getAttribute(ATT_GROUP_AUTHORITIES_QUERY);
+
+ if (StringUtils.hasText(usersQuery)) {
+ builder.addPropertyValue("usersByUsernameQuery", usersQuery);
+ }
+
+ if (StringUtils.hasText(authoritiesQuery)) {
+ builder.addPropertyValue("authoritiesByUsernameQuery", authoritiesQuery);
+ }
+
+ if (StringUtils.hasText(groupAuthoritiesQuery)) {
+ builder.addPropertyValue("enableGroups", Boolean.TRUE);
+ builder.addPropertyValue("authoritiesByUsernameQuery", groupAuthoritiesQuery);
+ }
}
}
diff --git a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc
index 8d60ff0d91..d8a8f5ec4c 100644
--- a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc
+++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc
@@ -415,6 +415,16 @@ jdbc-user-service.attlist &=
attribute data-source-ref {xsd:string}
jdbc-user-service.attlist &=
cache-ref?
+jdbc-user-service.attlist &=
+ ## An SQL statement to query a username, password, and enabled status given a username
+ attribute users-by-username-query {xsd:string}?
+jdbc-user-service.attlist &=
+ ## An SQL statement to query for a user's granted authorities given a username.
+ attribute authorities-by-username-query {xsd:string}?
+jdbc-user-service.attlist &=
+ ## An SQL statement to query user's group authorities given a username.
+ attribute group-authorities-by-username-query {xsd:string}?
+
any-user-service = user-service | jdbc-user-service | ldap-user-service
diff --git a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd
index 845b03293f..09cfb1b52f 100644
--- a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd
+++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd
@@ -1144,6 +1144,24 @@
UserDetailsService.
+
+
+ An SQL statement to query a username, password, and enabled status given a
+ username
+
+
+
+
+ An SQL statement to query for a user's granted authorities given a
+ username.
+
+
+
+
+ An SQL statement to query user's group authorities given a
+ username.
+
+
diff --git a/core/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java b/core/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java
index 74832ef7ac..789435ed75 100644
--- a/core/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java
+++ b/core/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java
@@ -52,6 +52,16 @@ public class JdbcUserServiceBeanDefinitionParserTests {
JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean("myUserService");
}
+ @Test
+ public void usernameAndGroupQueriesAreParsedCorrectly() {
+ setContext("" + DATA_SOURCE);
+ JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean("myUserService");
+ assertTrue(mgr.loadUserByUsername("rod") != null);
+ }
+
@Test
public void cacheRefIsparsedCorrectly() {
setContext(""