Home > database >  What exactly is "isEnabled" in the "UserDetails" class for?
What exactly is "isEnabled" in the "UserDetails" class for?

Time:04-18

This might sound like a dumb question, but I don't understand, what "isEnabled" in the "UserDetails" class is for. The documentation says "Indicates whether the user is enabled or disabled. A disabled user cannot be authenticated." So, the only thing I really need this boolean for is, to disable authentication for some users? Because I have a database and in the tutorial the guy made a extra column to save the value for that boolean. But why do I need to save that value in a database? Why would I decide to disable authentication for one of the users? Wouldn't it be smarter to just delete the account of the user then? It would be nice, if someone could explain the practical use of this boolean to me. And this is "MyUserDetails" class, where I override the methods of "UserDetails":

package de.gabriel.vertretungsplan.models;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;

public class MyUserDetails implements UserDetails {

    private String userName;
    private String password;
    private boolean active;

    private List<GrantedAuthority> authorities;

    public MyUserDetails(User user) {
        this.userName = user.getUserName();
        this.password = user.getPassword();
        this.active = user.isActive();
        this.authorities = Arrays.stream(user.getRoles().split(","))
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toList());
        System.out.println(userName);
        System.out.println(password);
        System.out.println(active);
        System.out.println(authorities);
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    @Override
    public String getPassword() {
        return password;
    }

    @Override
    public String getUsername() {
        return userName;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return active;
    }
}

CodePudding user response:

It can be useful if your database model uses references to users in other tables. You can't delete those users, or your database contents will be inconsistent. With proper foreign key constraints it won't even be possible without deleting those references (either by setting them to NULL, or by removing the records that contain them).

If you don't need to disable user accounts, you can always just return true from the method.

  • Related