How to make authorization with three parameters?
Good afternoon, authorization by login / password has already been implemented. But during the operation, we realized that we need to add the active / blocked user parameter. There is no option to delete a user (you can't delete a user to track user activity).
At what stage is user activity checked? When checking the login / password or determining its role?
You mixed up authentication and authorization. With authentication, you check whether this is the user. Authorization: whether he can do anything in the system. Get off this.
Hello!
For example, when I implement this in Spring, at the authorization stage I select active users with the necessary rights and find the user by email.
The code I am using for Spring:

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            .passwordEncoder(passwordEncoder())
            // Columns must come back in the order: username, password, enabled.
            // user_active fills the "enabled" slot, so a blocked user fails authentication.
            .usersByUsernameQuery("SELECT user_email, user_password, user_active FROM users WHERE user_email=?")
            // Columns must come back in the order: username, authority.
            .authoritiesByUsernameQuery("SELECT u.user_email, ur.roles FROM users u INNER JOIN user_roles ur ON u.user_id=ur.user_id WHERE user_email=?");
    }
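An added example, not part of the original answer: a hand-written `UserDetailsService` equivalent to the JDBC configuration above, showing where the active/blocked flag enters the login flow. The class name is hypothetical and a configured `JdbcTemplate` is assumed; the table and column names are the ones in the answer's queries.

```java
import java.util.List;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Hypothetical class (not from the answer); tables and columns are those in the queries above.
public class ActiveFlagUserDetailsService implements UserDetailsService {

    private final JdbcTemplate jdbc;

    public ActiveFlagUserDetailsService(JdbcTemplate jdbc) {
        this.jdbc = jdbc;
    }

    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
        // Load the row whether or not the user is blocked: filtering on user_active
        // here would make a blocked account look like an unknown one.
        List<User.UserBuilder> rows = jdbc.query(
            "SELECT user_email, user_password, user_active FROM users WHERE user_email = ?",
            (rs, rowNum) -> User.withUsername(rs.getString("user_email"))
                .password(rs.getString("user_password"))    // stored hash, checked by the PasswordEncoder
                .disabled(!rs.getBoolean("user_active")),   // blocked user -> isEnabled() == false
            email);
        if (rows.isEmpty()) {
            throw new UsernameNotFoundException("user not found");
        }

        // Roles are only data for later authorization decisions; they play no part in the active check.
        List<String> roles = jdbc.queryForList(
            "SELECT ur.roles FROM users u INNER JOIN user_roles ur ON u.user_id = ur.user_id "
                + "WHERE u.user_email = ?",
            String.class, email);

        // DaoAuthenticationProvider takes this object, runs its pre-authentication checks
        // (a disabled account raises DisabledException), then compares the password.
        return rows.get(0).authorities(roles.toArray(new String[0])).build();
    }
}
```

With this mapping the active flag is evaluated during authentication, and the roles are used only afterwards, when access to a resource is decided.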