本文探讨了AcegiSecurity中用户详细信息类的几个关键属性,包括credentialsNonExpired、enabled、accountNonExpired和accountNonLocked的含义及区别。通过解释这些属性的作用,帮助读者理解账户状态管理的重要性。
今天在Spring Forum的AcegiSecurity版发了个问题:
What's meaning of credentialsNonExpired...?
I don't know some propertise of org.acegisecurity.userdetails.user class, such as credentialsNonExpired. I don't know the difference among enabled, accountNonExpired and accountNonLocked.
以下是Andreas Senft的回复:
"Enabled" just means that you can use the account. This flag can be used adminstratively to disable an account without deleting it.
Account expiry causes you to change your password in determined intervals. If you fail to do so, your account will expire and you cannot use it. The flag indicates if your account has (not) expired.
A locked account is a different thing. If you, for example, enter three times a wrong password, your account might be locked, but it is not expired.
The flag tells you if your account is (not) locked.
Hope that helps,
Andreas
Account expiry causes you to change your password in determined intervals. If you fail to do so, your account will expire and you cannot use it. The flag indicates if your account has (not) expired.
A locked account is a different thing. If you, for example, enter three times a wrong password, your account might be locked, but it is not expired.
The flag tells you if your account is (not) locked.
Hope that helps,
Andreas
扫一扫
2862
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
