Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

The purpose of enable attribute of Spring Security User class

What is the purpose of enable attribute of org.springframework.security.core.userdetails.User class? Should I always keep that attribute in my 'user' table and use it to populate User instances when being fetched?

like image 322
Abdelghani Roussi Avatar asked Nov 06 '14 17:11

Abdelghani Roussi


1 Answers

See UserDetails interface for more details and check isEnabled() method.

Indicates whether the user is enabled or disabled. A disabled user cannot be authenticated.

The attribute is used when a user is being authenticated. If the user is disabled, Spring Security throws DisabledException exception.

However, you can implement your own AuthenticationProvider that will ignore this attribute if it is useless for you or you can set it always to true when User instances are being created.

Hence, whether to keep this attribute in a persistent storage depends only on your needs.

like image 145
pgiecek Avatar answered Sep 19 '22 00:09

pgiecek