登录用友显示java已被阻止_解决Spring Security 用户帐号已被锁定问题

最新推荐文章于 2022-10-22 11:35:11 发布
最新推荐文章于 2022-10-22 11:35:11 发布
阅读量591 收藏
点赞数
文章标签: 登录用友显示java已被阻止
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_28862967/article/details/114739997
版权

1、问题描述

主要就是org.springframework.security.authentication.LockedException: 用户帐号已被锁定这个异常,完整异常如下:

[2020-05-09 16:07:00 下午]:DEBUG org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider$DefaultPreAuthenticationChecks.check(AbstractUserDetailsAuthenticationProvider.java:353)User account is locked

[2020-05-09 16:07:00 下午]:DEBUG org.springframework.web.servlet.FrameworkServlet.logResult(FrameworkServlet.java:1101)Failed to complete request: org.springframework.security.authentication.LockedException: 用户帐号已被锁定

[2020-05-09 16:07:00 下午]:DEBUG org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:170)Authentication exception occurred; redirecting to authentication entry point

org.springframework.security.authentication.LockedException: 用户帐号已被锁定

at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider$DefaultPreAuthenticationChecks.check(AbstractUserDetailsAuthenticationProvider.java:355)

at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:165)

at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)

at cn.edu.njust.mango.security.SecurityUtils.login(SecurityUtils.java:82)

at cn.edu.njust.mango.controller.SysLoginController.login(SysLoginController.java:104)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)

at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)

at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105)

at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:879)

at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:793)

at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)

at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040)

at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943)

at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)

at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)

at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:123)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)

at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)

at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)

at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)

at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)

at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)

at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)

at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)

at cn.edu.njust.mango.security.JwtAuthenticationFilter.doFilterInternal(JwtAuthenticationFilter.java:27)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)

at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)

at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:92)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)

at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)

at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)

at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)

at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)

at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)

at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)

at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)

at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1594)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:748)

测试结果直接403

c59ed9d6df4d7621ad1d8d4f2951b8a1.png

2、问题分析

明明用户名和密码正确,而且没有设置状态锁定,怎么被锁定了呢?这是由于我们在重写UserDetails接口时,有个默认实现的方法public boolean isAccountNonLocked(),默认返回的是false,翻译成人话就是:是否不上锁,否,即上锁。异常代码如下:

package cn.edu.njust.mango.security;

import com.fasterxml.jackson.annotation.JsonIgnore;

import lombok.Data;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;

/**

* @author Chen

* @version 1.0

* @date 2020/5/8 7:42

* @description:

*/

@Data

public class JwtUserDetails implements UserDetails {

private String username;

private String password;

private String salt;

private Collection extends GrantedAuthority> authorities;

public JwtUserDetails(String username, String password, String salt, Collection extends GrantedAuthority> authorities) {

this.username = username;

this.password = password;

this.salt = salt;

this.authorities = authorities;

}

@Override

public boolean isAccountNonExpired() {

return false;

}

@Override

public boolean isAccountNonLocked() {

return false;

}

@Override

public boolean isCredentialsNonExpired() {

return false;

}

@Override

public boolean isEnabled() {

return false;

}

}

96145e4e6c861d488e2068734e03c4ce.png

3、问题解决

知道原因就很好解决了。直接将返回值变成true就行了。修改后的代码如下:

package cn.edu.njust.mango.security;

import com.fasterxml.jackson.annotation.JsonIgnore;

import lombok.Data;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;

/**

* @author Chen

* @version 1.0

* @date 2020/5/8 7:42

* @description:

*/

@Data

public class JwtUserDetails implements UserDetails {

private String username;

private String password;

private String salt;

private Collection extends GrantedAuthority> authorities;

public JwtUserDetails(String username, String password, String salt, Collection extends GrantedAuthority> authorities) {

this.username = username;

this.password = password;

this.salt = salt;

this.authorities = authorities;

}

// 在实体类向前台返回数据时用来忽略不想传递给前台的属性或接口。

@JsonIgnore

@Override

public boolean isAccountNonExpired() {

return true;

}

@JsonIgnore

@Override

public boolean isAccountNonLocked() {

return true;

}

@JsonIgnore

@Override

public boolean isCredentialsNonExpired() {

return true;

}

@JsonIgnore

@Override

public boolean isEnabled() {

return true;

}

}

4047c6adf78bfb8635abea58c91ec61e.png

重启服务器再次访问。

6e0c87e46773979680d106ee954801ed.png

返回200,访问成功!

4、总结

书上的代码直接运行绝大部分是对的,但是总有一些软件的更新使得作者无能为力。之前的API是对的,但是之后就废弃了或修改了是常有的事。所以我们需要跟踪源代码。这只是一个小小的问题,如果没有前辈的无私奉献,很难想象我们自己一天能学到多少内容。

到此这篇关于解决Spring Security 用户帐号已被锁定 问题的文章就介绍到这了,更多相关Spring Security 用户帐号已被锁定内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!

关岛奈奈
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
用友U8 cloud servicedispatcher 反序列化漏洞(含批量验证poc)
weixin_43567873的博客
04-28 340
用友U8 cloud servicedispatcher 反序列化漏洞(含批量验证poc)
Spring Security 用户帐号已被锁定 问题
珍惜
05-09 1万+
Spring Security 用户帐号已被锁定 问题1、问题描述2、问题分析3、问题解决4、总结 1、问题描述 主要就是org.springframework.security.authentication.LockedException: 用户帐号已被锁定这个异常,完整异常如下: [2020-05-09 16:07:00 下午]:DEBUG org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationP
聊聊spring security的账户锁定
weixin_34064653的博客
12-21 1103
序 对于登录功能来说,为了防止暴力破解密码,一般会对登录失败次数进行限定,在一定时间窗口超过一定次数,则锁定账户,来确保系统安全。本文主要讲述一下spring security的账户锁定。 UserDetails spring-security-core-4.2.3.RELEASE-sources.jar!/org/springframework/security/core/userdetails...
用友nc阻止java运行_用友NC网页版进不去,应用程序已被安全设置阻止..._安全工程师_帮考网...
weixin_39996762的博客
02-25 1197
在浏览器打开java程序时,出现应用程序已被阻止,应用程序错误,请单击以获取详细信息,遇到应用程序已被安全设置阻止怎么办,这个问题一般会同时出现在IE和chrome中,所以更换浏览器并不能解决问题。在访问含有java程序的页面时,出现如图应用程序已被阻止问题对话框,提示您的安全设置已阻止不可信应用程序运行。点击确定后,在含有java的页面中会出现“错误。请单击以获取详细信息”。java应用程序已...
Spring Security LockedException: User account is locked问题解决
旭东怪的博客
03-30 3554
问题描述: org.springframework.security.authentication.LockedException: User account is locked 问题分析: 1、实现了UserDetails类的isAccountNonLocked方法,但是返回了false,代表用户已经锁住了。 @Override public boolean isAccountNonLocked() { return false; } 解决办法:isAc
Spring Security账号被禁用时自定义抛错信息
小楼夜听雨的博客
07-07 871
前端提的bug,说是账号被禁用时,提示的错误信息依然是”账号或者密码错误“。 确实应该让用户知道登录不上的准确原因。 找到登录失败处理的类,不出意外应该是继承UsernamePasswordAuthenticationFilter的自定义类。 打几个断点,用被禁用的账号登录看看,最后发现进入下面的方法。 抛出的异常为 我们可以通过异常类型的检查,来区分不同的登陆失败原因、自定义提示信息。 @Override protected void unsuccessfulA.
【每日进步一点点】SpringSecurity退出登录不生效问题
u012329294的专栏
04-08 3402
SpringSecurity实现了登录,但配置了退出登录,始终不成功。 配置情况如下: @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/css/**").permitAll() ...
消除用友NC登录java安全警告对话框问题解决办法.pdf
10-08
"消除用友NC登录java安全警告对话框问题解决办法" 在使用用友NC登录时,可能会出现java安全警告对话框的问题,这是由于NC证书没有被正确地安装和配置所致。以下是解决问题的步骤: 首先,需要从JAVA中导出NC...
用友软件凭证填制环节常见问题解决方案.pdf
11-28
"用友软件凭证填制环节常见问题解决方案" 用友软件凭证填制环节常见问题解决方案是基于用友 ERP-U8.72 软件的实际应用中,总结了凭证填制环节的常见问题,并结合典型案例,追根寻源,深入剖析其产生的原因,...
用友主数据管理解决方案.ppt
10-16
用友主数据管理解决方案是企业级的主数据管理解决方案,旨在帮助企业解决主数据管理问题,提高业务效率和决策效率。该解决方案通过集成多个系统和数据库,提供统一的主数据视图,帮助企业掌握客户、产品、供应商、...
凭证录入工具new_UFIDAvouchertool_用友_用友凭证_凭证_
10-04
用友凭证工具,生成总账工具可以使用的格式
用友U8与U9同台服务器共存安装问题解决方案
最新发布
02-20
用友U8和U9需要同时安装在一台电脑或者服务器上,怎么安装?
升级到Spring Security 4.2的坑及解决办法
甘焕的博客
05-12 9366
把框架从Spring Security从3升级到4,结果出现了一大堆错误,每一个都是巨坑,几个非常熟悉的问题,花了我几乎一整天的时间,下面一一说来。1. 验证始终无法通过输入正确的用户名与密码,却始终收到这样的异常:org.springframework.security.authentication.BadCredentialsException: Bad credentials at o
SpringMVC执行流程简介
qq_45174642的博客
08-13 354
1、执行详细流程: 用户向服务器发送请求,请求被SpringMVC 前端控制器 DispatcherServlet捕获。 DispatcherServlet对请求URL进行解析,得到请求资源标识符(URI),判断请求URI对应的映射: a) 不存在 i. 再判断是否配置了mvc:default-servlet-handler ii. 如果没配置,则控制台报映射查找不到,客户端展示404错误 iii. 如果有配置...
004springSecurity之配置类中配置用户名密码
lcgskycby的博客
03-03 504
在配置类中配置用户名密码如下: @Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { @Bean PasswordEncoder passwordEncoder(){ //不加密方式返回 return NoOpPasswordEncoder.getInstance(); } @Override protected void
org.springframework.security.access.AccessDeniedException: 不允许访问
louis_lee7812的专栏
10-22 7497
org.springframework.security.access.AccessDeniedException: 不允许访问。原因是:@PreAuthorize 注解的异常,抛出AccessDeniedException异常,不会被accessDeniedHandler捕获,而是会被全局异常捕获。
org.springframework.web.servlet.FrameworkServlet 470 initServletBean - Context initialization failed
热门推荐
Jack魏
02-21 1万+
信息: Initializing Spring FrameworkServlet 'springmvc' 2019-02-21 09:41:29.928 ERROR org.springframework.web.servlet.FrameworkServlet 470 initServletBean - Context initialization failed org.springframew...
五、Spring Security使用数据库数据完成认证
付之一笑的专栏
08-25 680
一、认证流程分析 1.1、UsernamePasswordAuthenticationFilter // // Source code recreated from a .class file by IntelliJ IDEA // (powered by FernFlower decompiler) // package org.springframework.security.web.authentication; import javax.servlet.http.HttpServletReque
spring security 配置
天空 星座 海
05-21 731
"1.0" encoding="UTF-8"?>  "http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"      xmlns:aop="http://www.springframework.org
org.springframework.security.authentication.LockedException: User account is locked
05-16
这个异常表示用户账户被锁定了,可能是由于用户输入错误密码次数过多导致的。要解锁该用户账户,可以尝试以下方法: 1. 等待一段时间,通常账户会自动解锁。 2. 通过管理员账户登录到系统,找到该用户账户并手动解锁。 3. 在数据库中找到该用户账户记录,将其对应的锁定状态字段设置为未锁定。 如果以上方法都不能解决问题,可能需要进一步检查系统设置、日志等信息,以确定具体原因。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值