This is a branch from this question. Branched out because the original purpose of that question was something else.
I'm looking for the easiest way to check if a password is expired. A password will expire if its older than N days, where N is a value stored in another table.
My User cl开发者_如何学Goass looks like this:
Security config:
loginUserDomainClass = "com.emp.app.user.User"
/**
* User domain class.
*/
class User {
static transients = ['pass','passwordExpired','credentialsNonExpired']
static hasMany = [authorities: Role]
static belongsTo = Role
/** Username */
String username
/** User Real Name*/
String userRealName
/** MD5 Password */
String passwd
/** enabled */
boolean enabled
String email
boolean emailShow
/** description */
String description = ''
/** plain password to create a MD5 password */
String pass = '[secret]'
static constraints = {
username(blank: false, unique: true)
userRealName(blank: false)
passwd(blank: false)
enabled()
}
public boolean isCredentialsNonExpired() {
//Check for the N value
return true;
}
}
I added the isCredentialsNonExpired() hoping it would be called on login, when credentials are checked, but it isnt. Is there a way for it to do so?
I'm quite confused about this, not sure if I have to write custom code to replace some acegi functionality or what.
Thanks in advance.
I'd do it in a custom UserDetailsService - see http://www.grails.org/AcegiSecurity+Plugin+-+Custom+UserDetailsService
While you're loading the user from the database and populating the UserDetails you have a chance to set credentials expired = true (and/or enabled, accountLocked, and accountExpired).
You'd probably do this by adding a "Date lastPasswordUpdate" field to the User domain class that gets updated every time the user changes the password. Compare that date to today's and if it's more than N days ago, set it to false.
I think the correct way to do this would be to have your authentication provider decide if a password is expired.
精彩评论