Spring security Spring安全帐户锁定

您好，我有一个使用SpringWebFlow和SpringSecurity的j2ee应用程序。我想实施一个帐户锁定，这样在三次密码失败后，帐户将被锁定。我如何实现这一点。

您可以使用？此方法是在中建议的（请参见常见问题3）。

该行为属于下划线身份验证提供程序。如果您使用的是LDAP，并且存在密码策略，则如果帐户被阻止，将引发异常。

---

如果当前用户没有此功能，则将其子类化。

您可以使用AuthenticationFailureHandler

public class MySimpleAuthenticationFailureHandler  implements
AuthenticationFailureHandler {

private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

 public MySimpleAuthenticationFailureHandler() {
        super();
    }
public void onAuthenticationFailure(HttpServletRequest request,
        HttpServletResponse response, AuthenticationException exception)
                throws IOException, ServletException {

    String message = "";

    if(exception instanceof UsernameNotFoundException) {
        message = "UsernameNotFoundException";
    } else if(exception instanceof AuthenticationCredentialsNotFoundException) {
        message = "AuthenticationCredentialsNotFoundException";
    }else if(exception instanceof InsufficientAuthenticationException) {
        message = "InsufficientAuthenticationException";
    }else if(exception instanceof AccountExpiredException) {
        message = "AccountExpiredException";
    }else if(exception instanceof CredentialsExpiredException) {
        message = "CredentialsExpiredException";
    }else if(exception instanceof DisabledException) {
        message = "DisabledException";
    }else if(exception instanceof LockedException) {
        message = "LockedException";
    }else if(exception instanceof BadCredentialsException) {
        message = "BadCredentialsException";
    }else{
        message = exception.getMessage();
    }
    final HttpSession session = request.getSession();
    session.setAttribute("errorMessage", message);
    redirectStrategy.sendRedirect(request, response, "/login?error="+message);
}

}

---

我注册了一个bean来实现应用程序处理程序并检查AuthenticationFailureHandler的实例