I have implemented Spring Security to protect sections of our website. I am using a DB (MongoDB) to store username/password. I implemented org.springframework.security.core.userdetails.UserDetailsService to look up the account details from the DB.
I still need to add another feature: account activation. After registration, we send an activation email to a user and if he clicks on it, we mark the account as activated in the DB. Users that have not activated their account should not be allowed to log in and should be redirected to a page for that.
Any ideas on how to implement? I need to somehow hook into the login process.
Thanks!
A custom AuthenticationManager is not needed. This feature is already available in Spring Security. Take a look at the doc; you can see the enabled property. When you create the user, if you set that property to false and the user tries to log in, Spring will automatically display a message informing the user that the account is not active.

UPDATED
In order to display Spring error messages, you should use this in the login page:
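
An added example, not part of the original answer, of the enabled approach described in it: the UserDetailsService maps the stored activation flag to enabled, and a failure handler sends the resulting DisabledException to an activation page. The Account and AccountRepository types, the role name and both URLs are hypothetical, and the default DaoAuthenticationProvider is assumed.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import org.springframework.security.authentication.DisabledException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler;

public class ActivationAwareUserDetailsService implements UserDetailsService {

    // Hypothetical account record and lookup; stand-ins for the MongoDB-backed ones.
    public static class Account {
        public String username;
        public String passwordHash;
        public boolean activated; // set to true when the activation link is clicked
    }

    public interface AccountRepository {
        Account findByUsername(String username);
    }

    private final AccountRepository accounts;

    public ActivationAwareUserDetailsService(AccountRepository accounts) {
        this.accounts = accounts;
    }

    @Override
    public UserDetails loadUserByUsername(String username) {
        Account a = accounts.findByUsername(username);
        if (a == null) {
            throw new UsernameNotFoundException("unknown user");
        }
        // enabled = activated; the other three account-status flags stay true.
        return new User(a.username, a.passwordHash, a.activated, true, true, true,
                Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
    }

    // DisabledException goes to the activation page, every other failure to the login page.
    public static ExceptionMappingAuthenticationFailureHandler failureHandler() {
        Map<String, String> urls = new HashMap<>();
        urls.put(DisabledException.class.getName(), "/activation-required"); // assumed URL
        ExceptionMappingAuthenticationFailureHandler handler =
                new ExceptionMappingAuthenticationFailureHandler();
        handler.setExceptionMappings(urls);
        handler.setDefaultFailureUrl("/login?error"); // assumed URL
        return handler;
    }
}
```

The provider runs the account-status check before it verifies the password, so the redirect tells anyone who submits a username that the account exists and is not activated. Keep the activation page generic and rate-limit any "resend activation email" action on it.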