Issue
UserDetails has three parameters: accountNonExpired, credentialsNonExpired, and accountNonLocked.
I don't quite understand their differences in action. All three parameters block the account if set to false.
So why are they needed, if they perform the same action, I do not quite understand. After all, you can leave one parameter, for example, accountNonLocked, and that will be enough.
Explain to me please, otherwise I don't understand something.
Solution
This is just a separate set of reasons to block an account. Each of the parameters has its own exception:
accountNonLocked | LockedException
credentialsNonExpired | CredentialsExpiredException
accountNonExpired | AccountExpiredException
If you write your own exception handler, you could easily customize error messages/code logic. For example:
    @PostMapping("/login")
    public String login() {
        try {
            loginService.login();
            return "redirect:/main-page";
        }
        catch (CredentialsExpiredException e) {
            // Password is too old: send the user to change it.
            return "redirect:/change-credentials-page";
        }
        catch (LockedException e) {
            // Account is locked: only an administrator can unlock it.
            return "redirect:/write-to-admin-page";
        }
        // ... etc.
    }
Note: this is probably not a proper way to handle auth exceptions, nor a good way to handle login logic.
Answered By - Balthazar
Answer Checked By - David Goodson (JavaFixing Volunteer)
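As an added example (not part of the original answer), here is a `UserDetails` implementation in which each of the three flags is derived from a different piece of account state, which is why they are kept separate. The class name, field names and the lockout and password-age thresholds are assumptions chosen for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Collection;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical account model: field names and thresholds are assumptions.
public class AccountUserDetails implements UserDetails {
    private static final int MAX_FAILED_LOGINS = 5;                       // assumed lockout policy
    private static final Duration MAX_PASSWORD_AGE = Duration.ofDays(90); // assumed rotation policy

    private final String username;
    private final String passwordHash;
    private final int failedLogins;          // consecutive failed login attempts
    private final Instant passwordChangedAt; // time of the last password change
    private final Instant validUntil;        // null means the account never expires

    public AccountUserDetails(String username, String passwordHash, int failedLogins,
                              Instant passwordChangedAt, Instant validUntil) {
        this.username = username;
        this.passwordHash = passwordHash;
        this.failedLogins = failedLogins;
        this.passwordChangedAt = passwordChangedAt;
        this.validUntil = validUntil;
    }

    // false -> LockedException: too many failed attempts, an admin or a timer must unlock.
    @Override public boolean isAccountNonLocked() { return failedLogins < MAX_FAILED_LOGINS; }

    // false -> CredentialsExpiredException: the user can fix this by changing the password.
    // DaoAuthenticationProvider's default checks test this only after the password matched.
    @Override public boolean isCredentialsNonExpired() {
        return passwordChangedAt.plus(MAX_PASSWORD_AGE).isAfter(Instant.now());
    }

    // false -> AccountExpiredException: the account itself reached its end date.
    @Override public boolean isAccountNonExpired() {
        return validUntil == null || validUntil.isAfter(Instant.now());
    }

    @Override public boolean isEnabled() { return true; }
    @Override public String getUsername() { return username; }
    @Override public String getPassword() { return passwordHash; }
    @Override public Collection<? extends GrantedAuthority> getAuthorities() { return List.of(); }
}
```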