Home/ Questions/Q 7593769
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T21:15:08+00:00

i am authenticating my users with UserDetailsService: <authentication-manager alias=authenticationManager> <authentication-provider user-service-ref=userDetailsService> <password-encoder hash=sha/> </authentication-provider>

  • 0

i am authenticating my users with UserDetailsService:

<authentication-manager alias="authenticationManager">          
      <authentication-provider user-service-ref="userDetailsService">
         <password-encoder hash="sha"/>             
      </authentication-provider>   
    </authentication-manager>

userDetailsService class:

@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private UserService userService;


    @Override
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {

User user = null;
    try {
        user = userService.getUserByUsername(username);
    } catch (Exception e) {
        e.printStackTrace();
    }


   if (user.isForceChangePass()) {
        MyForcePasswordChangeException bad = new MyForcePasswordChangeException(
                "Password is not valid, and it must be changed!");
        throw bad;
    }

}

EDIT:

after getting username i check for ForceChangePass indicator and if it’s true i through my own exception which in turns lands user to loginFailureHandler (despite password is correct or not) i want in the loginFailureHandler to check if my exception is thrown in case of login success only.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    loadUserByUsername() is not suppose to check credentials, it should only load UserDetails object (having getPassword() method) or throw UsernameNotFoundException.

    If you want to check whether the user successfully authenticated or not, have a look at Listening to successful login with Spring Security:

    <form-login 
  authentication-success-handler-ref="authenticationSuccessHandler"
  authentication-failure-url="authenticationFailureHandler"/>

    You must implement AuthenticationSuccessHandler and AuthenticationFailureHandler.

    Alternatively consider subclassing BasicAuthenticationFilter and override onSuccessfulAuthentication() and onUnsuccessfulAuthentication().

    • 0