stackoom
  简体   繁体   中英

Implementing UserDetails and CredentialsContainer in Spring Security

 原文  2015-08-10 13:54:09       java/ spring/ spring-security

Question

I want to erase the user's credentials after login, so i'm implementing UserDetails and CredentialsContainer in my Account class. 

@Entity
public class Account implements UserDetails, CredentialsContainer {
...

However, in the docs it says that CredentialsContainer is For internal framework use only .

So I was wondering if this can be a problem in the future.

1 answers

solution1
 1 ACCPTED  2015-08-10 15:05:26

You can implement the interface. However, it isn't intended to be implemented if you are writing your own AuthenticationProvider. From the javadoc:

For internal framework use only. Users who are writing their own AuthenticationProvider implementations should create and return an appropriate Authentication object there, minus any sensitive data, rather than using this interface.

So you can implement it so that Spring Security will call eraseCredentials on your app. However, it is not recommended for you to invoke eraseCredentials on the CredentialsContainer .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring Security UserDetails cache Spring Security UserDetails with Oracle Spring Security UserDetails Best Practice Spring security custom UserDetails not authenticating @Autowired return exception on UserDetails in Spring-security Excluding GrantedAuthority from userDetails in spring security Null GrantedAuthority to get UserDetails on Spring Security Spring Security custom UserDetails : salt issue How to cast UserDetails in Spring Security context? Spring security UserDetails and controller (get user)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM