I subclassed org.springframework.security.core.userdetails.User and in my constructor I call:
super(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, GrantedAuthority[] authorities)
Then I use ${SPRING_SECURITY_LAST_EXCEPTION.message} to display the result when the login fails.
The problem is that if I set accountNonLocked to false, I get an account locked error message, and this happens regardless of whether the password is correct. I would prefer it if Spring checked the credentials first and then the enabled, accountNonExpired, credentialsNonExpired and accountNonLocked flags. That way, the user would only be notified that their account has been locked if they have gained access rights.
Is there any way to get spring to do this?
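The ordering asked for above, as an added example that is not part of the original post and is not Spring's own code: a DaoAuthenticationProvider whose account status checks run only after the password has matched, so a caller without the password sees a bad-credentials failure for every account. It assumes Spring Security 5.x on the classpath; the class name CredentialsFirstProviderFactory and its create method are hypothetical.

```java
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical helper (assumption, not a Spring class): builds a provider that
// verifies the password first and evaluates the account flags afterwards.
public final class CredentialsFirstProviderFactory {

    // Pre-authentication checker that accepts every account. The default one
    // rejects locked, disabled and expired accounts before the password is
    // compared, which is the behaviour described in the question.
    private static final UserDetailsChecker NO_PRE_CHECKS = new UserDetailsChecker() {
        @Override
        public void check(UserDetails user) {
            // Intentionally empty: no status is evaluated at this stage.
        }
    };

    private CredentialsFirstProviderFactory() {
    }

    public static DaoAuthenticationProvider create(UserDetailsService users,
                                                   PasswordEncoder encoder) {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(users);
        provider.setPasswordEncoder(encoder);

        // Step 1: nothing is checked before the password comparison.
        provider.setPreAuthenticationChecks(NO_PRE_CHECKS);

        // Step 2: after the password has matched, AccountStatusUserDetailsChecker
        // throws LockedException, DisabledException, AccountExpiredException or
        // CredentialsExpiredException according to the UserDetails flags.
        provider.setPostAuthenticationChecks(new AccountStatusUserDetailsChecker());
        return provider;
    }
}
```

With this ordering the password of a locked account is still compared, so a "locked" response confirms that the submitted password was correct. Failed-attempt throttling therefore has to be enforced separately from the accountNonLocked flag.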