Reputation: 5781
Spring Security with OpenId Checkin for isAccountNonLocked
I have an application that is using Spring Security 3.0.3 and OpenID as its main authentication provider. I am curious as to why in my UserDetails Object the "isAccoutNonLocked" method is never called? Is this solely for form-login implementation, or am I missing something?
If someone can point me in the right direction on a handler or filter that I can create to manually call this method it would be greatly appreciated.
Thanks.
Upvotes: 2
Views: 304
Answers (1)
Reputation: 5781
Well, I figured out a way around this issue; I created an "around" advice around the "authenticate" method of the OpenIDAuthenticationProvider and I am checking the isAccountNonLocked method of the UserDetails object. If the account is locked, then I throw a "LockedException" and catch it with a custom "SimpleUrlAuthenticationFailureHandler" that I have extended.
Upvotes: 1
Related Questions
- Spring Security Pre Authentication Account Lock Check
- Spring Security with Openid and Database Integration
- Java Spring Security with OpenId Provider
- Spring security - Spring doesn't check on isAccountNonLocked for UserDetails on correct login
- Spring security authenticaton
- Spring Security OpenID - UserDetailsService, AuthenticationUserDetailsService
- Spring-Security OpenId won't work
- Spring security openId support and user deauthentication
- Register while login with openid spring security
- Use OpenID Selector with Spring Security