开发者

How to check user details without log-in in Spring security

问答 作者:

How to check the userdetails before spring security authentication is takes place.

Here in my project during login i need to check the basic validations username/password exists , validity of username , max retry limit(5invalid entries after that block a/c) and show error based on the failure.

On correct username/password need to check whether user logging into application for first time (based on flag in db) ,if so need to display an disclaimer page[ to access the appl开发者_StackOverflow社区ication the user should accept the disclaimer].

Here is the flow

username/pwd in form -> Submit ->check for valid credentials

--> No --> display error[update retry flag] --> yes -->check validity-->exceed->display error -->with in validity period-->check is first time(and disclaimer accepted) -->show app if disclaimer already accepted else show disclaimer page without logging into application

On I accept button login the user to application.

I don't think this will involve Spring security per se. In your action class just call a method that checks the DB. If they have been logged in before return to an action that redirects the user to whatever page is appropriate. If they have not, then send them to the disclaimer page.

When they submit the form for the disclaimer page, check for acceptance. If accepted, then update the DB and redirect them to the appropriate page. If not, display an error.

If I recall Spring security correctly, the acceptance page and the login page, etc. will not be secured, but other pages will be. So, like I said, I'm not sure that Spring is really involved. It is just a matter of correctly routing via your Struts actions which do all the work of looking up in the DB and routing.

Basically, spring security takes care of it - but you can override it. This is just a simple example how i would do it:

  @Autowired
private AuthenticationManager authenticationManager;

 @RequestMapping(value = "/login", method = RequestMethod.POST)
public ResponseEntity<?> login(@RequestBody AuthenticationRequest authenticationRequest, Device device) throws AuthenticationException {

    // Perform the security
    final Authentication authentication = authenticationManager.authenticate(
            new UsernamePasswordAuthenticationToken(
                    authenticationRequest.getUsername(),
                    authenticationRequest.getPassword()
            )
    ); ...
}

AutheticationRequest is just a simple object with 2 Strings inside (username, password)

Bare in mind that this method throws AuthenticationException but you can also catch it in try/catch and do some logic on failed login.

Hope it helps.

继续阅读:springspring-securitystruts2

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9