Spring Security:带有UserDetails的Custome AuthenticationProvider不起作用

时间:2019-09-07 07:36:33

标签: spring-boot spring-security

我有自定义的AuthenticationProvider,可以检查手动的用户名和密码,final UserDetails principal = new User(username, password, grantedAuths);在我开始使用MyUserDetails类final UserDetails principal =new MyUserDetails(username, password, grantedAuths);时仍然可以正常工作,但是如果用户isisAccountNonLocked为false,即使允许成功登录,甚至MyUserDetails都可以与Custom UserDetailsS​​ervice一起使用,请帮帮我...

public class MyUserDetails implements UserDetails { 

private String username;
private String password;
private List<GrantedAuthority> authorities;

public MyUserDetails() {

}

public MyUserDetails(String username, String password, List<GrantedAuthority> authorities) {
    this.username = username;
    this.password = password;
    this.authorities = authorities;
}

// another setter getter
}


@Component
public class MyAuthenticationProvider implements AuthenticationProvider {
@Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {

        final String username = authentication.getName();
        final String password = authentication.getCredentials().toString();

        if (username.equals("sagir") && password.equals("password")) {

            final List<GrantedAuthority> grantedAuths = new ArrayList<>();
            grantedAuths.add(new SimpleGrantedAuthority("USER"));



            //final UserDetails principal = new User(username, password, grantedAuths); working fine with them

            final UserDetails principal =new MyUserDetails(username, password, grantedAuths);
            // MyUserDetails not working in case isAccountNonExpired,isAccountNonLocked,isCredentialsNonExpired is false still I am able to login, they only checks username&pwd
            final Authentication auth = new UsernamePasswordAuthenticationToken(principal, password, grantedAuths);

            return auth;

        } else {
            return null;
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }

}

    }
// WebConfig
// WebConfig
@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {


        //auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()); working fine with userDetailsService  
auth.authenticationProvider(authenticationProvider);

0 个答案:

没有答案
相关问题
最新问题