SpringSecurity 用户帐号已被锁定

SpringSecurity 用户帐号已被锁定

01 异常发生场景

• 当我自定义登录接口时
• 以下是我的UserDetailsService和UserDetails接口的实现类

@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    private MsUserServiceImp msUserServiceImp;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        //使用mybatis-plus,获取到账号密码数据
        LambdaQueryWrapper<MsUser> qw=new LambdaQueryWrapper<>();
        qw.eq(MsUser::getUsername,username);
        MsUser user = msUserServiceImp.getOne(qw);

        LoginUser loginUser = new LoginUser();
        loginUser.setMsUser(user);

        return loginUser;
    }
}

@Data
@NoArgsConstructor
@AllArgsConstructor
public class LoginUser implements UserDetails {

    private MsUser msUser;
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return null;
    }

    @Override
    public String getPassword() {
        return msUser.getPassword();
    }

    @Override
    public String getUsername() {
        return msUser.getUsername();
    }

    @Override
    public boolean isAccountNonExpired() {
        return false;
    }

    @Override
    public boolean isAccountNonLocked() {
        return false;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return false;
    }

    @Override
    public boolean isEnabled() {
        return false;
    }
}

02 问题发生的原因

• 重写的UserDetails类默认方法返回值为false

1.isAccountNonExpired()

• 判断帐户是否过期

2.isAccountNonLocked()

• 判断帐户是否锁定

3.isCredentialsNonExpired()

• 凭据是否过期，就是登录时间到没到

4.isEnabled()

• 是否启动

03 解决方式

• 将UserDetails接口的实现类里上述方法，也就是所有方法设置为true就可以避免被锁定了