accountNonExpired, accountNonLocked, credentialsNonExpired

**markt** · Jul 16th, 2005, 12:52 PM

Hi guys,

My user table contain the above fields and an 'enabled' field where it's comply with Acegi's user table ( http://acegisecurity.sourceforge.net.../dao/User.html ). I configured the applicationContext-security.xml like below:

<bean id="jdbcAuthenticationDao" class="net.sf.acegisecurity.providers.dao.jdbc.Jdb cDaoImpl">
<property name="dataSource"><ref bean="dataSource"/></property>
<property name="usersByUsernameQuery">
<value>SELECT username,password,enabled FROM user WHERE username = ?</value>
</property>
<property name="authoritiesByUsernameQuery">
<value>SELECT username,role_name FROM user_role WHERE username = ?</value>
</property>
</bean>

I tried to set any of those fields (accountNonExpired, accountNonLocked, credentialsNonExpired) to 0 but user still be able to login. It should be the same when I set 'enabled' to 0, user won't be able to login. I'm using Hibernate3, Spring 1.2.2, MySql 4.1.12. Pls help, Thanks !

regards,
Mark

**Ben Alex** · Jul 23rd, 2005, 06:38 AM

As noted in the JavaDocs for JdbcDaoImpl:

* <p>
* In order to minimise backward compatibility issues, this DAO does not
* recognise the expiration of user accounts or the expiration of user
* credentials. However, it does recognise and honour the user
* enabled/disabled column.
* </p>

You will need to write your own AuthenticationDao to leverage these extra columns.

Thread: accountNonExpired, accountNonLocked, credentialsNonExpired

Thread Tools

Display

accountNonExpired, accountNonLocked, credentialsNonExpired

Similar Threads

HELP: RememberMe does not work

Posting Permissions