我正在尝试实现org.springframework.security.core.userdetails.UserDetails并创建不受阻碍且已启用的用户。
阅读文档不是很清楚UserDeatails,什么是活动用户的正确设置(未阻止,已到期等),尝试过-
@Override
public boolean isAccountNonExpired() {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean isAccountNonLocked() {
// TODO Auto-generated method stub
return true;
}
@Override
public boolean isCredentialsNonExpired() {
// TODO Auto-generated method stub
return true;
}
@Override
public boolean isEnabled() {
// TODO Auto-generated method stub
return true;
}
得到org.springframework.security.authentication.AccountExpiredException: User account has expired,其他变体以被阻止结束。
答案 0 :(得分:1)
默认设置是它将使用DefaultPreAuthenticationChecks和DefaultPostAuthenticationChecks按以下顺序检查UserDetails的状态:
isAccountNonLocked() = false , throw "User account is locked" exception. isEnabled() = false , throw "User is disabled" exception. isAccountNonExpired() = false , throw "User account has expired" exception. isCredentialsNonExpired() = false , throw "User credentials have expired" exception.
因此,为了通过所有这些默认检查,UserDeatails应该为上述所有方法返回true。