我是Spring Security的初学者。
我已经实现了方法interface的UserDetailsServicepublic UserDetails loadUserByUsername(String email)我的问题在下面。……
用户名和密码都输入错误,则可以正常工作。但是,当我输入正确的用户名和错误的密码时,我想在数据库中添加尝试,否则就不添加。如果用户名和密码正确,那么我不想将尝试更新到数据库中。
private static final int MAX_ATTEMPTS = 3;
int MIN_ATTEMPTS = 0;
@Override
public UserDetails loadUserByUsername(String email) {
Members members = membersDao.findByEmail(email);
Set<GrantedAuthority> authorities = new HashSet<>();
if (members == null) {
throw new RuntimeException("Invalid username and password");
} else {
if (members == null) {
} else {
MIN_ATTEMPTS = members.getAttempts();
MIN_ATTEMPTS ++;
members.setAttempts(MIN_ATTEMPTS);
membersDao.save(members);
throw new RuntimeException("Login Attepmts "+MIN_ATTEMPTS);
}
if (members.getAttempts() <= MAX_ATTEMPTS) {
Role role = members.getRoles();
authorities.add(new SimpleGrantedAuthority(role.getRole()));
return new User(members.getEmail(), members.getPassword(),authorities);
} else {
throw new RuntimeException("blocked");
}
}
}
我尝试过更改代码
private static final int MAX_ATTEMPTS = 3;
@Override
public UserDetails loadUserAndCheckLogin(String email, String enteredPassword) {
Members members = membersDao.findByEmail(email);
if (members == null) {
//Create Error Message for User
return null;
}
if (members.getAttempts() > MAX_ATTEMPTS) {
//Create Error Message for User
return null;
}
if (members.getPassword().equals(enteredPassword)) {
Set<GrantedAuthority> authorities = new HashSet<>();
Role role = members.getRoles();
authorities.add(new SimpleGrantedAuthority(role.getRole()));
members.setAttempts(0);
membersDao.save(members);
return new User(members.getEmail(), members.getPassword(), authorities);
} else {
int attempts = members.getAttempts();
members.setAttempts(++attempts);
membersDao.save(members);
//Create Error Message for User
return null;
}
}
顺便说一句。我不确定您是否真的要创建一个新的“ SimpleGrantedAuthority”和“ User”,还是要从数据库中加载现有的。
并且您应该为密码使用哈希。