我需要在登录前检查用户是否已通过生效日期且未过期。我该怎么办?我有自定义authenticationsuccesshandler
和authenticationfailurehandler
。
<form-login login-page="/login"
authentication-failure-url="/login?error"
authentication-failure-handler-ref="authenticationFailureHandler"
authentication-success-handler-ref="authenticationSuccessHandlerWithoutReferer1"/>
弹簧security.xml文件
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select USER_ID,USER_PWD,USER_STATUS from USER where USER_ID=?"
authorities-by-username-query="select username, authority from authorities where username =? " />
<password-encoder hash="md5"/>
</authentication-provider>
</authentication-manager>
答案 0 :(得分:1)
您需要实现UserDetailsService界面。
@Service("customUserService")
public class CustomUserService implements UserDetailsService {
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
// find out all necessary information about the user
// for example, use JdbcTemplate to query from your data source
// note especially the boolean accountNonExpired below
return new User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
}
}
您无法使用jdbc-user-service
标记。代替:
<authentication-manager>
<authentication-provider user-service-ref="customUserService">
<!-- password encoder etc -->
</authentication-provider>
</authentication-manager>
答案 1 :(得分:0)
如果您需要根据文档进行特殊情况验证,则必须实施AuthenticationProvider
如果您使用的是javaconfig,请将其添加到AuthenticationManagerBuilder
。
如果使用元数据我认为你需要做这样的事情:
<authentication-manager>
<authentication-provider ref="customAuthenticationProvider"/>
</authentication-manager>
答案 2 :(得分:-1)
创建自定义UserDetailsService实现
示例:
@Service("customUserService")
public class UserServiceImpl implements UserDetailsService{
/**
* Used by spring security
*/
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
try{
//Do all your check
//create object of User and return, password can be anything
return new User(username, password, authorities);
}catch(NubeException e){
throw new UsernameNotFoundException("user_not_found");
}
}
}
然后告诉spring使用你的类进行身份验证:
<authentication-manager>
<authentication-provider user-service-ref="customUserService" />
</authentication-manager>