However, you cannot use a handler on form-login to catch the authorization result. This is because of the way calls in the authorization filter chain are structured internally. Maybe it can be considered a bug?
The workaround is to implement ApplicationListener<AuthenticationSuccessEvent> and ApplicationListener<AbstractAuthenticationFailureEvent> to catch the proper events.

    package pl.touk.app.fe.server.security;

    import org.springframework.context.ApplicationListener;
    import org.springframework.security.authentication.event.AuthenticationSuccessEvent;

    public class UserSuccessfulLoginLogger implements ApplicationListener<AuthenticationSuccessEvent> {

        @Override
        public void onApplicationEvent(AuthenticationSuccessEvent event) {
            //do something here
        }
    }

    package pl.touk.app.fe.server.security;

    import org.springframework.context.ApplicationListener;
    import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;

    public class UserFailedLoginLogger implements ApplicationListener<AbstractAuthenticationFailureEvent> {

        @Override
        public void onApplicationEvent(AbstractAuthenticationFailureEvent event) {
            //do something here
        }
    }

Then you initialize the beans in the Spring configuration:

    <bean id="userSuccessLoginLogger" class="pl.touk.app.fe.server.security.UserSuccessfulLoginLogger" />
    <bean id="userFailedLoginLogger" class="pl.touk.app.fe.server.security.UserFailedLoginLogger" />

A drawback is that you do not have access to the request and response, as you would when using authentication-success-handler-ref and authentication-failure-handler-ref.
But in my case I didn't need that.
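As an added example (not code from the original post), here is one way to fill in the listener bodies for audit logging: a single listener for both outcomes that still recovers the client address from the token's WebAuthenticationDetails, even though the request itself is not available. The package, the class name LoginAuditListener and the log format are hypothetical; the bean is registered the same way as the two loggers above.

```java
package com.example.security; // hypothetical package

import java.util.logging.Logger;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

/** Hypothetical audit listener: one bean receives success and failure events. */
public class LoginAuditListener implements ApplicationListener<AbstractAuthenticationEvent> {

    private static final Logger LOG = Logger.getLogger(LoginAuditListener.class.getName());

    @Override
    public void onApplicationEvent(AbstractAuthenticationEvent event) {
        Authentication auth = event.getAuthentication();
        String user = sanitize(auth.getName());
        String ip = remoteAddress(auth);
        if (event instanceof AuthenticationSuccessEvent) {
            LOG.info("login success user=" + user + " ip=" + ip);
        } else if (event instanceof AbstractAuthenticationFailureEvent) {
            // Record only the exception type; never log the submitted credentials.
            String reason = ((AbstractAuthenticationFailureEvent) event)
                    .getException().getClass().getSimpleName();
            LOG.warning("login failure user=" + user + " ip=" + ip + " reason=" + reason);
        }
        // Other subtypes (e.g. InteractiveAuthenticationSuccessEvent) are ignored,
        // so a form login is not logged twice.
    }

    /** Form login stores WebAuthenticationDetails on the token by default. */
    private static String remoteAddress(Authentication auth) {
        Object details = auth.getDetails();
        return details instanceof WebAuthenticationDetails
                ? ((WebAuthenticationDetails) details).getRemoteAddress()
                : "unknown";
    }

    /** The user name of a failed login is attacker-controlled input:
     *  replace control characters (CR/LF log forging) and cap the length. */
    static String sanitize(String value) {
        if (value == null) {
            return "";
        }
        String clean = value.replaceAll("\\p{Cntrl}", "_");
        return clean.length() > 64 ? clean.substring(0, 64) : clean;
    }
}
```

getRemoteAddress() returns the TCP peer address, so behind a reverse proxy it is the proxy's address rather than the client's.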
Tip! If you cannot receive AuthenticationEvents, look at this page.