DeBlog

Acegi is a great security framework that I’m using at a project at work. If you checked out the tutorial on the site, they use a user.properties file to store the user names, passwords and the authorities of the users. This is o.k for an example but in real world applications you need a database, LDAP, etc. based authentication back-end. So this is how you transfer from the inMemoryDaoImpl to the jdbcDaoImpl to get the user details from the database.
In the applicationContext file:

[bean id="userDetailsService" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl"]

the class that will provide this bean is the JdbcDaoImpl class which needs a datasource as a property.

[property name="dataSource"]
      [ref bean="bssDataSource"][/ref]
[/property]

next we have to override the default SQL’s that Acegi uses to get the data:

[property name="usersByUsernameQuery"]
    [value]
        select username, password, enabled from User where username = ?
    [/value]
[/property]
[property name="authoritiesByUsernameQuery"]
    [value]
        select username, authority from User where username = ?
    [/value]
[/property]

And that’s it. You would have to change the SQLs according to your database schema of course.
The final bean is this:

[bean id="userDetailsService" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl"]

[property name="dataSource"]
      [ref bean="bssDataSource"][/ref]
[/property]

[property name="usersByUsernameQuery"]
    [value]
        select username, password, enabled from User where username = ?
    [/value]
[/property]
[property name="authoritiesByUsernameQuery"]
    [value]
        select username, authority from User where username = ?
    [/value]
[/property]
[/bean]