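Hi, I have a J2EE application that uses Spring Web Flow and Spring Security. I want to implement account lockout so that after three failed password attempts the account is locked. How can I implement this?

Answer 0 (score: 4)

Can you use an AuthenticationFailureHandler? This approach is suggested in the Acegi FAQ (see FAQ #3).

Answer 1 (score: 1)

This behaviour belongs to the underlying authentication provider. If you are using an LDAP password policy, LdapAuthenticationProvider throws an exception when the account is locked. If your current AuthenticationProvider does not have this feature, subclass it.

Answer 2 (score: 0)

You can use an AuthenticationFailureHandler: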
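
    import java.io.IOException;
    import java.net.URLEncoder;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;
    import org.springframework.security.authentication.AccountExpiredException;
    import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
    import org.springframework.security.authentication.BadCredentialsException;
    import org.springframework.security.authentication.CredentialsExpiredException;
    import org.springframework.security.authentication.DisabledException;
    import org.springframework.security.authentication.InsufficientAuthenticationException;
    import org.springframework.security.authentication.LockedException;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.security.web.DefaultRedirectStrategy;
    import org.springframework.security.web.RedirectStrategy;
    import org.springframework.security.web.authentication.AuthenticationFailureHandler;

    public class MySimpleAuthenticationFailureHandler implements AuthenticationFailureHandler {

        private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

        public MySimpleAuthenticationFailureHandler() {
            super();
        }

        @Override
        public void onAuthenticationFailure(HttpServletRequest request,
                HttpServletResponse response, AuthenticationException exception)
                throws IOException, ServletException {
            // Map the exception type to the message shown on the login page.
            String message = "";
            if (exception instanceof UsernameNotFoundException) {
                message = "UsernameNotFoundException";
            } else if (exception instanceof AuthenticationCredentialsNotFoundException) {
                message = "AuthenticationCredentialsNotFoundException";
            } else if (exception instanceof InsufficientAuthenticationException) {
                message = "InsufficientAuthenticationException";
            } else if (exception instanceof AccountExpiredException) {
                message = "AccountExpiredException";
            } else if (exception instanceof CredentialsExpiredException) {
                message = "CredentialsExpiredException";
            } else if (exception instanceof DisabledException) {
                message = "DisabledException";
            } else if (exception instanceof LockedException) {
                message = "LockedException";
            } else if (exception instanceof BadCredentialsException) {
                message = "BadCredentialsException";
            } else {
                message = exception.getMessage();
            }
            final HttpSession session = request.getSession();
            session.setAttribute("errorMessage", message);
            // URL-encode the message: exception.getMessage() may contain spaces or reserved characters.
            redirectStrategy.sendRedirect(request, response,
                    "/login?error=" + URLEncoder.encode(String.valueOf(message), "UTF-8"));
        }
    }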