SpringSecurity 用户帐号已被锁定
01 异常发生场景
- 当我自定义登录接口时
- 以下是我的UserDetailsService和UserDetails接口的实现类
java
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private MsUserServiceImp msUserServiceImp;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//使用mybatis-plus,获取到账号密码数据
LambdaQueryWrapper<MsUser> qw=new LambdaQueryWrapper<>();
qw.eq(MsUser::getUsername,username);
MsUser user = msUserServiceImp.getOne(qw);
LoginUser loginUser = new LoginUser();
loginUser.setMsUser(user);
return loginUser;
}
}
java
@Data
@NoArgsConstructor
@AllArgsConstructor
public class LoginUser implements UserDetails {
private MsUser msUser;
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return null;
}
@Override
public String getPassword() {
return msUser.getPassword();
}
@Override
public String getUsername() {
return msUser.getUsername();
}
@Override
public boolean isAccountNonExpired() {
return false;
}
@Override
public boolean isAccountNonLocked() {
return false;
}
@Override
public boolean isCredentialsNonExpired() {
return false;
}
@Override
public boolean isEnabled() {
return false;
}
}
02 问题发生的原因
- 重写的UserDetails类默认方法返回值为false
1.isAccountNonExpired()
- 判断帐户是否过期
2.isAccountNonLocked()
- 判断帐户是否锁定
3.isCredentialsNonExpired()
- 凭据是否过期,就是登录时间到没到
4.isEnabled()
- 是否启动
03 解决方式
- 将UserDetails接口的实现类里上述方法,也就是所有方法设置为true就可以避免被锁定了