Friday, April 22, 2011

Spring security authentication-success-handler-ref and authentication-failure-handler-ref does not work with KerberosServiceAuthenticationProvider

I'm using SpringSecurity with KerberosServiceAuthenticationProvider which is Kerberos security extension. You can read how to use it on extension author's blog.
But you cannot use handler on form-login to catch authorization result. It's because of inner construction of authorization filter chain calls. Maybe it can be considered a bug?
The workaround is to implement ApplicationListener<AuthenticationSuccessEvent> and ApplicationListener<AbstractAuthenticationFailureEvent> to catch proper events.

package pl.touk.app.fe.server.security;

import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;

public class UserSuccessfulLoginLogger implements ApplicationListener<AuthenticationSuccessEvent> {

    @Override
    public void onApplicationEvent(AuthenticationSuccessEvent event) {
        //do something here
    }
}

package pl.touk.app.fe.server.security;

import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;

public class UserFailedLoginLogger implements ApplicationListener<AbstractAuthenticationFailureEvent> {

    @Override
    public void onApplicationEvent(AbstractAuthenticationFailureEvent event) {
       //do something here
   }
}

Then you init beans in Spring configuration
<bean id="userSuccessLoginLogger" class="pl.touk.app.fe.server.security.UserSuccessfulLoginLogger" />

<bean id="userFailedLoginLogger" class="pl.touk.app.fe.server.security.UserFailedLoginLogger" />


A drawback is that one cannot have access to request and response as could have when using authentication-success-handler-ref and authentication-failure-handler-ref.
But in my case I didn't need that.

Tip! If you cannot receive AuthenticationEvents look at this page.

No comments:

Post a Comment