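In the user authentication logic, we built the User object with the three-argument constructor. There is also another constructor, whose source is as follows: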
public User(String username, String password, boolean enabled, boolean accountNonExpired,
            boolean credentialsNonExpired, boolean accountNonLocked,
            Collection<? extends GrantedAuthority> authorities) {
    if (username != null && !"".equals(username) && password != null) {
        this.username = username;
        this.password = password;
        this.enabled = enabled;
        this.accountNonExpired = accountNonExpired;
        this.credentialsNonExpired = credentialsNonExpired;
        this.accountNonLocked = accountNonLocked;
        this.authorities = Collections.unmodifiableSet(sortAuthorities(authorities));
    } else {
        throw new IllegalArgumentException("Cannot pass null or empty values to constructor");
    }
}
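As you can see, this constructor takes four additional boolean parameters. The three-argument constructor we have been using simply sets all four of these booleans to true by default. So what do these four booleans mean?
boolean enabled: whether the account is enabled
boolean accountNonExpired: whether the account has expired (true means it has not)
boolean credentialsNonExpired: whether the password has expired (true means it has not)
boolean accountNonLocked: whether the account is locked (true means it is not)
Checking the status of the authenticating user:
All four parameters must be true for authentication to succeed. Modify the authentication code: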
/**
 * Authentication logic
 * @param username the username the user entered in the browser
 * @return UserDetails, Spring Security's own user object
 * @throws UsernameNotFoundException if no user with this username exists
 */
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    // Look the user up by username
    SysUser user = userDao.findByName(username);
    if (user == null) {
        // Unknown username: the UserDetailsService contract forbids returning null,
        // so throw and let Spring Security treat it as a failed authentication.
        throw new UsernameNotFoundException("User not found");
    }
    List<SimpleGrantedAuthority> authorities = new ArrayList<>();
    List<SysRole> roles = user.getRoles();
    for (SysRole role : roles) {
        authorities.add(new SimpleGrantedAuthority(role.getRoleName()));
    }
    // We must return a Spring Security UserDetails object; the {noop} prefix means the password is not encoded.
    // UserDetails userDetails = new User(user.getUsername(), "{noop}" + user.getPassword(), authorities);
    // UserDetails userDetails = new User(user.getUsername(), user.getPassword(), authorities);
    // enabled is true only when the user's status is 1; the other three flags stay true.
    UserDetails userDetails = new User(user.getUsername(), user.getPassword(), user.getStatus() == 1, true, true, true, authorities);
    return userDetails;
}
Now only users whose status is 1 can authenticate successfully!
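To see how each of the four flags turns into a rejected login, the following added example (not code from the original article) builds users with the seven-argument constructor and runs Spring Security's AccountStatusUserDetailsChecker over them. The class name AccountStatusDemo and the username, password and role are constructed placeholders, and spring-security-core is assumed to be on the classpath.

```java
import java.util.List;

import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

public class AccountStatusDemo {

    // Runs Spring Security's stock status checker and reports the outcome.
    static String outcome(UserDetails user) {
        try {
            new AccountStatusUserDetailsChecker().check(user);
            return "passes status checks";
        } catch (AccountStatusException e) {
            // One of LockedException, DisabledException, AccountExpiredException
            // or CredentialsExpiredException, depending on which flag is false.
            return e.getClass().getSimpleName();
        }
    }

    // Constructed sample user; name, password and role are placeholders.
    static UserDetails user(boolean enabled, boolean accountNonExpired,
                            boolean credentialsNonExpired, boolean accountNonLocked) {
        return new User("alice", "{noop}placeholder", enabled, accountNonExpired,
                credentialsNonExpired, accountNonLocked,
                List.of(new SimpleGrantedAuthority("ROLE_USER")));
    }

    public static void main(String[] args) {
        System.out.println("all flags true        -> " + outcome(user(true, true, true, true)));
        System.out.println("enabled = false       -> " + outcome(user(false, true, true, true)));
        System.out.println("accountNonExpired     -> " + outcome(user(true, false, true, true)));
        System.out.println("credentialsNonExpired -> " + outcome(user(true, true, false, true)));
        System.out.println("accountNonLocked      -> " + outcome(user(true, true, true, false)));
    }
}
```

In the article's code, a user whose status is not 1 corresponds to the `enabled = false` case, so the login is refused as a disabled account rather than as a wrong password.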