Spring Security with OpenId Checkin for isAccountNonLocked
I have an application that is using Spring Security 3.0.3 and OpenID as its main authentication provider. I am curious as to why in my UserDetails Object the "isAccoutNonLocked" method is never called? Is this solely for form-login implementation, or am I missing something?
If someone can point me in the right direction on a hand开发者_开发技巧ler or filter that I can create to manually call this method it would be greatly appreciated.
Thanks.
Well, I figured out a way around this issue; I created an "around" advice around the "authenticate" method of the OpenIDAuthenticationProvider and I am checking the isAccountNonLocked method of the UserDetails object. If the account is locked, then I throw a "LockedException" and catch it with a custom "SimpleUrlAuthenticationFailureHandler" that I have extended.
精彩评论