Geek asks and answers

Logging with Spring Security

I want to register every login in my web application. I was able to access the logins that go through UsernamePasswordAuthenticationFilter, but I don’t know how to register users who log in using the mem-me function. I tried to override

createSuccessfulAuthentication(HttpServletRequest request, UserDetails user)

from TokenBasedRememberMeServices, but then entries are also written because the mem-me service re-authenticates the user.

+5
source share
3 answers

To register every successful login, I believe that the best way is to create a LoginSucessHandler and specify an authentication success handler for regular login as well as for remembering. I did this with below code and configuration.

@Service
public class LoginSucessHandler extends
        SavedRequestAwareAuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws ServletException, IOException {
        User user = (User) authentication.getPrincipal();
            // record login success of user
        super.onAuthenticationSuccess(request, response, authentication);
    }

}

<http auto-config="true" use-expressions="true">
    <form-login login-page="/login"
        authentication-failure-url="/login.hst?error=true"
        **authentication-success-handler-ref="loginSucessHandler"** />
    <logout invalidate-session="true" logout-success-url="/home"
        logout-url="/logout" />
    <remember-me key="jbcp" **authentication-success-handler-ref="loginSucessHandler"**/>
    <session-management>
    <concurrency-control max-sessions="1" />
</session-management>
</http>
+5
source

- Spring ApplicationListener.

Spring , . , .

LoggerListener. .

, , cookie cookie, , , .

, URL- mem-me, ( - ), .

+4

, , , . .

, . , . web.xml.

0

More articles:


All Articles