Spring 安全。添加用户登录限制
Spring security. add restriction for user log in
我有以下 spring 安全配置:
<http auto-config="true" authentication-manager-ref="userAuthenticationManager">
<form-login login-page="/"
default-target-url="/member/personalAccount"
authentication-failure-url="/loginfailed" authentication-success-handler-ref="authSuccessHandler" />
<!-- <intercept-url pattern="/common/*" filters="none" /> -->
<intercept-url ..../>
<logout logout-url="/logout" logout-success-url="/" />
<port-mappings>
<port-mapping http="${http.port}" https="${https.port}"/>
</port-mappings>
</http>
....
<authentication-manager alias="userAuthenticationManager">
<!-- <authentication-provider user-service-ref="userSecurityService"> -->
<authentication-provider>
<password-encoder ref="encoder" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select email,password,prop_was_moderated from terminal_user where email = ?"
authorities-by-username-query="select email,user_role from terminal_user where email = ?" />
</authentication-provider>
</authentication-manager>
现在我想将新列添加到 terminal_user
table。
此专栏名为 prop_confirmed
我想实现只有 prop_confirmed
和 true
的用户才能登录。
你能帮我实现吗?
一种方法是在 users-by-username-query
中硬编码 prop_confirmed
条件。这样如果用户没有被确认,就好像他们不存在一样,认证将失败:
select email,password,prop_was_moderated from terminal_user
where email = ? AND prop_confirmed = TRUE
还有其他(可能更清洁)解决方案,例如自定义 AuthenticationManager
。请查看我关于类似问题的 SO answer,以获得对这些选项的更详细描述。
我有以下 spring 安全配置:
<http auto-config="true" authentication-manager-ref="userAuthenticationManager">
<form-login login-page="/"
default-target-url="/member/personalAccount"
authentication-failure-url="/loginfailed" authentication-success-handler-ref="authSuccessHandler" />
<!-- <intercept-url pattern="/common/*" filters="none" /> -->
<intercept-url ..../>
<logout logout-url="/logout" logout-success-url="/" />
<port-mappings>
<port-mapping http="${http.port}" https="${https.port}"/>
</port-mappings>
</http>
....
<authentication-manager alias="userAuthenticationManager">
<!-- <authentication-provider user-service-ref="userSecurityService"> -->
<authentication-provider>
<password-encoder ref="encoder" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select email,password,prop_was_moderated from terminal_user where email = ?"
authorities-by-username-query="select email,user_role from terminal_user where email = ?" />
</authentication-provider>
</authentication-manager>
现在我想将新列添加到 terminal_user
table。
此专栏名为 prop_confirmed
我想实现只有 prop_confirmed
和 true
的用户才能登录。
你能帮我实现吗?
一种方法是在 users-by-username-query
中硬编码 prop_confirmed
条件。这样如果用户没有被确认,就好像他们不存在一样,认证将失败:
select email,password,prop_was_moderated from terminal_user
where email = ? AND prop_confirmed = TRUE
还有其他(可能更清洁)解决方案,例如自定义 AuthenticationManager
。请查看我关于类似问题的 SO answer,以获得对这些选项的更详细描述。