我有以下spring security config:
<http auto-config="true" authentication-manager-ref="userAuthenticationManager">
<form-login login-page="/"
default-target-url="/member/personalAccount"
authentication-failure-url="/loginfailed" authentication-success-handler-ref="authSuccessHandler" />
<!-- <intercept-url pattern="/common/*" filters="none" /> -->
<intercept-url ..../>
<logout logout-url="/logout" logout-success-url="/" />
<port-mappings>
<port-mapping http="${http.port}" https="${https.port}"/>
</port-mappings>
</http>
....
<authentication-manager alias="userAuthenticationManager">
<!-- <authentication-provider user-service-ref="userSecurityService"> -->
<authentication-provider>
<password-encoder ref="encoder" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select email,password,prop_was_moderated from terminal_user where email = ?"
authorities-by-username-query="select email,user_role from terminal_user where email = ?" />
</authentication-provider>
</authentication-manager>
现在我想在terminal_user
表中添加新列。
此列名为prop_confirmed
我想实现只有prop_confirmed
为true
的用户才能登录。
你能帮我实现吗?
答案 0 :(得分:1)
您可以采用的一种方法是在prop_confirmed
中对users-by-username-query
条件进行硬编码。这样,如果用户未被确认,那就好像它们不存在并且身份验证将失败:
select email,password,prop_was_moderated from terminal_user
where email = ? AND prop_confirmed = TRUE
还有其他(可能更清晰)的解决方案,例如自定义AuthenticationManager
。有关这些选项的详细说明,请查看我的SO answer类似问题。