Liferay登录中的密码期限判断

Liferay的登录处理是在src/com/liferay/portlet/login/action/LoginAction.java中进行的。

实际的密码失效等处理是在src/com/liferay/portlet/login/util/LoginUtil.java类的

if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
   authResult = UserLocalServiceUtil.authenticateByEmailAddress(
    company.getCompanyId(), login, password, headerMap,
    parameterMap);

   userId = UserLocalServiceUtil.getUserIdByEmailAddress(
    company.getCompanyId(), login);
  }
  else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
   authResult = UserLocalServiceUtil.authenticateByScreenName(
    company.getCompanyId(), login, password, headerMap,
    parameterMap);

   userId = UserLocalServiceUtil.getUserIdByScreenName(
    company.getCompanyId(), login);
  }
  else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
   authResult = UserLocalServiceUtil.authenticateByUserId(
    company.getCompanyId(), userId, password, headerMap,
    parameterMap);
  }

 

这个地方分别调用了具体的实现。

UserLocalServiceImpl中最终的实现逻辑：

public boolean isPasswordExpired(User user)
  throws PortalException, SystemException {

  PasswordPolicy passwordPolicy = user.getPasswordPolicy();

  if (passwordPolicy.getExpireable()) {
   Date now = new Date();

   if (user.getPasswordModifiedDate() == null) {
    user.setPasswordModifiedDate(now);

    userLocalService.updateUser(user, false);
   }

   long passwordStartTime = user.getPasswordModifiedDate().getTime();
   long elapsedTime = now.getTime() - passwordStartTime;

   if (elapsedTime > (passwordPolicy.getMaxAge() * 1000)) {
    return true;
   }
   else {
    return false;
   }
  }

  return false;
 }

 

如果需要根据权限，部门不同密码策略不同的实现的话，需要在这些地方做相应的修改。