[英]spring security custom authentication requirements
I'm using spring security 3.1.3. 我正在使用Spring Security 3.1.3。 On an app I'm building, when a user attempts to login, in addition to checking their username and password, I need to make additional checks to validate their account (specifically, that their account does not have a flag set that indicates they are banned from logging in).
在我正在构建的应用上,当用户尝试登录时,除了检查其用户名和密码外,我还需要进行其他检查以验证其帐户(特别是,该帐户未设置表明他们是禁止登录)。 I am confused as to the best way to go about this.
对于执行此操作的最佳方法,我感到困惑。
Should I be creating an authentication filter bean and including it in the form-login element in my spring xml? 我应该创建一个身份验证过滤器bean并将其包含在spring xml中的form-login元素中吗? Or should I be doing something with an authentication-success filter that runs only when the user succeeds the username/password requirement?
还是应该使用仅在用户满足用户名/密码要求时才运行的身份验证成功过滤器来做些事情? Or something else?
或者是其他东西?
Define a custom user details service implementing UserDetailsService . 定义实现UserDetailsService的自定义用户详细信息服务。 Populate an instance of the class User with the user credentials, you can use the field
enabled
or accountNonLocked
for banned users. 使用用户凭据填充User类的实例,您可以将字段
enabled
或accountNonLocked
用于禁止的用户。
@Service("userDetailsService")
public class MyUserDetailsService implements UserDetailsService {
@Transactional(readOnly = true)
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
// load user data from repository
String password = ...
boolean enabled = ...
// ...
UserDetails user = new User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
return user;
}
}
Then wire your service into the authentication manager in spring-security.xml
: 然后将服务连接到
spring-security.xml
的身份验证管理器:
<security:authentication-manager>
<security:authentication-provider user-service-ref="userDetailsService">
...
<security:authentication-manager>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.