How to restrict access in Spring Security to users with blocked status?

D

Dmitry Pashko2018-02-21 13:15:01

Java

Dmitry Pashko, 2018-02-21 13:15:01

Good afternoon, I want to make sure that a user with blocked statuses cannot log in and issue an appropriate error. Is there any tool in spring for this?
Here is my Spring Security config.

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/","/login","/resources/*","/favicon.ico").permitAll()
                .antMatchers("/user/**").access("hasRole('ROLE_USER')")
                .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN') or hasRole('ROLE_SUPER_ADMIN')")
                .and()
                .formLogin()
                .loginProcessingUrl("/login")
                .loginPage("/login")
                .successHandler(authenticationSuccessHandler)
                .failureUrl("/login?error=true")
                .and()
                .logout().logoutUrl("/logout").logoutSuccessUrl("/login")
                .and().csrf().disable();
    }

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

P

piatachki, 2018-02-21
@demonewe

You're digging a little in the wrong place. The UserDetail interface assumes that the user can be blocked. When you implement your

public class CustomUserDetails implements UserDetails

, override the method

@Override
    public boolean isAccountNonLocked() {
        return true;
    }

according to the logic of work that you expect for your software. Everything is for the sim. Matchers do not need to be touched.