Question
I followed this guide Spring boot security + JWT in order to learn how to secure an application using spring boot security and jwt and I am calling the /authenticate api to test login functionality.

    @PostMapping(value = "/authenticate")
    public ResponseEntity<?> createAuthenticationToken(@RequestBody User authenticationRequest) throws Exception {
        authenticate(authenticationRequest.getUsername(), authenticationRequest.getPassword());
        final UserDetails userDetails = userDetailsService
                .loadUserByUsername(authenticationRequest.getUsername());
        final String token = jwtTokenUtil.generateToken(userDetails);
        return ResponseEntity.ok(new JwtResponse(token));
    }

    private void authenticate(String username, String password) throws Exception {
        try {
            authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
        } catch (DisabledException e) {
            throw new Exception("USER_DISABLED", e);
        } catch (BadCredentialsException e) {
            throw new Exception("INVALID_CREDENTIALS", e);
        }
    }

I am using Postman to call the api passing username and password in json:

    {
        "username": "user",
        "password": "pass"
    }

AuthenticationManager.authenticate is throwing User is Locked
My implementation of UserDetails is directly on a User Entity, not the best practices but I didn't have a better idea for how to do it now, maybe I should have some kind of DTO that implements it and have it as argument to createAuthenticationToken()
These are the overridden methods coming from UserDetails:

    @Override
    public boolean isAccountNonExpired() {
        return false;
    }

    @Override
    public boolean isAccountNonLocked() {
        return false;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return false;
    }

Any help is appreciated.
Answer 1:
isAccountNonLocked
boolean isAccountNonLocked()
Indicates whether the user is locked or unlocked. A locked user cannot be authenticated.
Returns:
true if the user is not locked, false otherwise
false means the user is locked. You should return true from the method for the user to be not locked.
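
An added example, not part of the original answer or the question's code: the question's `isAccountNonExpired()` and `isCredentialsNonExpired()` also return `false`, and Spring Security's default account checks reject a login for any status flag that is `false`, each with its own exception. The sketch below derives every flag from stored account state; the class name `AccountUserDetails`, its fields and the `ROLE_USER` authority are assumptions.

```java
import java.time.Instant;
import java.util.Collection;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical adapter: exposes stored account state through UserDetails
// so that no status flag is a hard-coded constant.
public class AccountUserDetails implements UserDetails {
    private final String username;
    private final String passwordHash;       // encoded password as stored
    private final boolean enabled;
    private final Instant lockedUntil;       // null = not locked
    private final Instant accountExpiresAt;  // null = never expires
    private final Instant passwordExpiresAt; // null = never expires

    public AccountUserDetails(String username, String passwordHash, boolean enabled,
                              Instant lockedUntil, Instant accountExpiresAt,
                              Instant passwordExpiresAt) {
        this.username = username;
        this.passwordHash = passwordHash;
        this.enabled = enabled;
        this.lockedUntil = lockedUntil;
        this.accountExpiresAt = accountExpiresAt;
        this.passwordExpiresAt = passwordExpiresAt;
    }

    // True when the deadline is unset or still in the future.
    private static boolean notReached(Instant deadline) {
        return deadline == null || Instant.now().isBefore(deadline);
    }

    @Override public Collection<? extends GrantedAuthority> getAuthorities() {
        return List.of(new SimpleGrantedAuthority("ROLE_USER")); // assumed role
    }
    @Override public String getPassword() { return passwordHash; }
    @Override public String getUsername() { return username; }

    // false -> LockedException ("User account is locked")
    @Override public boolean isAccountNonLocked() { return !notReached(lockedUntil) || lockedUntil == null; }
    // false -> DisabledException
    @Override public boolean isEnabled() { return enabled; }
    // false -> AccountExpiredException
    @Override public boolean isAccountNonExpired() { return notReached(accountExpiresAt); }
    // false -> CredentialsExpiredException (checked after the password is verified)
    @Override public boolean isCredentialsNonExpired() { return notReached(passwordExpiresAt); }
}
```

The `authenticate` helper in the question catches only `DisabledException` and `BadCredentialsException`, so the other three exceptions propagate to the caller unless they are handled as well.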
Source: https://stackoverflow.com/questions/59778085/user-account-is-locked-when-signing-in-spring-securty