春季安全检查生效日期和登录前的到期日期

时间:2015-01-21 03:23:27

标签: spring spring-mvc spring-security

我需要在登录前检查用户是否已通过生效日期未过期。我该怎么办?我有自定义authenticationsuccesshandlerauthenticationfailurehandler

<form-login login-page="/login" 
  authentication-failure-url="/login?error" 
  authentication-failure-handler-ref="authenticationFailureHandler"
  authentication-success-handler-ref="authenticationSuccessHandlerWithoutReferer1"/>

弹簧security.xml文件

  <authentication-manager>
      <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource" 
                           users-by-username-query="select USER_ID,USER_PWD,USER_STATUS from USER where USER_ID=?"
                           authorities-by-username-query="select username, authority from authorities where username =?  " />
        <password-encoder hash="md5"/>
    </authentication-provider>
</authentication-manager>

3 个答案:

答案 0 :(得分:1)

您需要实现UserDetailsService界面。

@Service("customUserService")
public class CustomUserService implements UserDetailsService {

    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // find out all necessary information about the user
        // for example, use JdbcTemplate to query from your data source
        // note especially the boolean accountNonExpired below
        return new User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
    }
}

您无法使用jdbc-user-service标记。代替:

<authentication-manager>
  <authentication-provider user-service-ref="customUserService">
    <!-- password encoder etc -->
  </authentication-provider>
</authentication-manager>

答案 1 :(得分:0)

如果您需要根据文档进行特殊情况验证,则必须实施AuthenticationProvider

http://docs.spring.io/spring-security/site/docs/4.0.0.RC1/reference/htmlsingle/#tech-userdetailsservice

如果您使用的是javaconfig,请将其添加到AuthenticationManagerBuilder。 如果使用元数据我认为你需要做这样的事情:

<authentication-manager>
    <authentication-provider ref="customAuthenticationProvider"/>
</authentication-manager>

答案 2 :(得分:-1)

创建自定义UserDetailsS​​ervice实现

示例:

@Service("customUserService")
public class UserServiceImpl   implements UserDetailsService{

  /**
   * Used by spring security 
   */
   public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException {

      try{
        //Do all your check 
        //create object of User and return, password can be anything
        return new User(username, password, authorities);
      }catch(NubeException e){
        throw new UsernameNotFoundException("user_not_found");
      }
    }

}

然后告诉spring使用你的类进行身份验证:

<authentication-manager>
    <authentication-provider  user-service-ref="customUserService" />
</authentication-manager>
相关问题
最新问题