开发者

grails Acegi: How to check for expired password

开发者 https://www.devze.com 2023-01-19 00:43 出处:网络
This is a branch from this question. Branched out because the original purpose of that question was something else.

This is a branch from this question. Branched out because the original purpose of that question was something else.

I'm looking for the easiest way to check if a password is expired. A password will expire if its older than N days, where N is a value stored in another table.

My User cl开发者_如何学Goass looks like this:

Security config:
loginUserDomainClass = "com.emp.app.user.User"

/**
 * User domain class.
 */
class User {
   static transients = ['pass','passwordExpired','credentialsNonExpired']
   static hasMany = [authorities: Role]
   static belongsTo = Role
   /** Username */
   String username
   /** User Real Name*/
   String userRealName
   /** MD5 Password */
   String passwd
   /** enabled */
   boolean enabled

   String email
   boolean emailShow

   /** description */
   String description = ''

   /** plain password to create a MD5 password */
   String pass = '[secret]'

   static constraints = {
      username(blank: false, unique: true)
      userRealName(blank: false)
      passwd(blank: false)
      enabled()
   }

   public boolean isCredentialsNonExpired() {

          //Check for the N value
         return true;
   }
}

I added the isCredentialsNonExpired() hoping it would be called on login, when credentials are checked, but it isnt. Is there a way for it to do so?

I'm quite confused about this, not sure if I have to write custom code to replace some acegi functionality or what.

Thanks in advance.


I'd do it in a custom UserDetailsService - see http://www.grails.org/AcegiSecurity+Plugin+-+Custom+UserDetailsService

While you're loading the user from the database and populating the UserDetails you have a chance to set credentials expired = true (and/or enabled, accountLocked, and accountExpired).

You'd probably do this by adding a "Date lastPasswordUpdate" field to the User domain class that gets updated every time the user changes the password. Compare that date to today's and if it's more than N days ago, set it to false.


I think the correct way to do this would be to have your authentication provider decide if a password is expired.

0

精彩评论

暂无评论...
验证码 换一张
取 消