Liferay的登录处理是在src/com/liferay/portlet/login/action/LoginAction.java中进行的。
实际的密码失效等处理是在src/com/liferay/portlet/login/util/LoginUtil.java类的
if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
authResult = UserLocalServiceUtil.authenticateByEmailAddress(
company.getCompanyId(), login, password, headerMap,
parameterMap);
userId = UserLocalServiceUtil.getUserIdByEmailAddress(
company.getCompanyId(), login);
}
else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
authResult = UserLocalServiceUtil.authenticateByScreenName(
company.getCompanyId(), login, password, headerMap,
parameterMap);
userId = UserLocalServiceUtil.getUserIdByScreenName(
company.getCompanyId(), login);
}
else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
authResult = UserLocalServiceUtil.authenticateByUserId(
company.getCompanyId(), userId, password, headerMap,
parameterMap);
}
这个地方分别调用了具体的实现。
UserLocalServiceImpl中最终的实现逻辑:
public boolean isPasswordExpired(User user)
throws PortalException, SystemException {
PasswordPolicy passwordPolicy = user.getPasswordPolicy();
if (passwordPolicy.getExpireable()) {
Date now = new Date();
if (user.getPasswordModifiedDate() == null) {
user.setPasswordModifiedDate(now);
userLocalService.updateUser(user, false);
}
long passwordStartTime = user.getPasswordModifiedDate().getTime();
long elapsedTime = now.getTime() - passwordStartTime;
if (elapsedTime > (passwordPolicy.getMaxAge() * 1000)) {
return true;
}
else {
return false;
}
}
return false;
}
如果需要根据权限,部门不同密码策略不同的实现的话,需要在这些地方做相应的修改。