SpringSecurity 用户帐号已被锁定

SpringSecurity 用户帐号已被锁定

01 异常发生场景

  • 当我自定义登录接口时
  • 以下是我的UserDetailsService和UserDetails接口的实现类
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    private MsUserServiceImp msUserServiceImp;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        //使用mybatis-plus,获取到账号密码数据
        LambdaQueryWrapper<MsUser> qw=new LambdaQueryWrapper<>();
        qw.eq(MsUser::getUsername,username);
        MsUser user = msUserServiceImp.getOne(qw);

        LoginUser loginUser = new LoginUser();
        loginUser.setMsUser(user);

        return loginUser;
    }
}
@Data
@NoArgsConstructor
@AllArgsConstructor
public class LoginUser implements UserDetails {

    private MsUser msUser;
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return null;
    }

    @Override
    public String getPassword() {
        return msUser.getPassword();
    }

    @Override
    public String getUsername() {
        return msUser.getUsername();
    }

    @Override
    public boolean isAccountNonExpired() {
        return false;
    }

    @Override
    public boolean isAccountNonLocked() {
        return false;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return false;
    }

    @Override
    public boolean isEnabled() {
        return false;
    }
}

SpringSecurity 用户帐号已被锁定_第1张图片

02 问题发生的原因

  • 重写的UserDetails类默认方法返回值为false

1.isAccountNonExpired()

  • 判断帐户是否过期

2.isAccountNonLocked()

  • 判断帐户是否锁定

3.isCredentialsNonExpired()

  • 凭据是否过期,就是登录时间到没到

4.isEnabled()

  • 是否启动

03 解决方式

  • 将UserDetails接口的实现类里上述方法,也就是所有方法设置为true就可以避免被锁定了

你可能感兴趣的:(SpringSecurity,tomcat,spring)