Spring AbstractAuthenticationFailureEvent 不工作。认证失败时
Spring AbstractAuthenticationFailureEvent is not working. When authentication is Failed
正在尝试触发身份验证失败事件。但是没有触发
@EventListener
public void authFailedEventListener(AbstractAuthenticationFailureEvent authenticationFailureEvent) {
// code for logging audit
if(authenticationFailureEvent instanceof AbstractAuthenticationFailureEvent) { System.out.print(true);
}else {
System.out.print(false);
}
System.out.println(authenticationFailureEvent);
//System.out.println("login failed for -->"+authenticationFailureEvent.getAuthentication().getPrincipal());
System.out.print("Event Catched for Failed");
}
配置class
protected void configure(AuthenticationManagerBuilder auth) throws Exception{
try {
auth.authenticationProvider(customAuthentication);
auth.authenticationEventPublisher(new DefaultAuthenticationEventPublisher(applicationEventPublisher));
}catch(OAuth2Exception ex) {
throw new CustomOauthException(ex.getMessage());
}
}
像下面这样配置DefaultAuthenticationEventPublisher
@Bean
DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
}
并在您的身份验证管理器中使用它,例如
@Autowired
DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationEventPublisher(defaultAuthenticationEventPublisher);
}
我做的测试:
配置class
@Configuration
public class ProjectConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest().authenticated()
.and().httpBasic();
}
@Autowired
DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.passwordEncoder(NoOpPasswordEncoder.getInstance())
.withUser("user").password("password").roles("USER");
auth.authenticationEventPublisher(defaultAuthenticationEventPublisher);
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher(
ApplicationEventPublisher applicationEventPublisher) {
return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
}
}
和听众class:
@Component
public class GlobalEventsHandlers {
@EventListener
public void authFailedEventListener(
AbstractAuthenticationFailureEvent authenticationFailureEvent) {
// code for logging audit
if (authenticationFailureEvent instanceof AbstractAuthenticationFailureEvent) {
System.out.println("authenticationFailureEvent");
} else {
System.out.println("not authenticationFailureEvent");
}
System.out.println(authenticationFailureEvent);
//System.out.println("login failed for -->"+authenticationFailureEvent.getAuthentication().getPrincipal());
System.out.println("Event Catched for Failed");
}
@EventListener
public void authSuccessEventListener(AuthenticationSuccessEvent authenticationSuccessEvent) {
// code for logging audit
if (authenticationSuccessEvent instanceof AuthenticationSuccessEvent) {
System.out.println("authenticationSuccessEvent");
} else {
System.out.println("not authenticationSuccessEvent");
}
System.out.println(authenticationSuccessEvent);
System.out.println("Event Catched for success");
}
}
结果:
authenticationFailureEvent
org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent[source=UsernamePasswordAuthenticationToken [Principal=use, Credentials=[PROTECTED], Authenticated=false, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[]]]
Event Catched for Failed
authenticationSuccessEvent
org.springframework.security.authentication.event.AuthenticationSuccessEvent[source=UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=user, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, credentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[ROLE_USER]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=F6977BE6F40E41D5972C4233868DF312], Granted Authorities=[ROLE_USER]]]
Event Catched for success
正在尝试触发身份验证失败事件。但是没有触发
@EventListener
public void authFailedEventListener(AbstractAuthenticationFailureEvent authenticationFailureEvent) {
// code for logging audit
if(authenticationFailureEvent instanceof AbstractAuthenticationFailureEvent) { System.out.print(true);
}else {
System.out.print(false);
}
System.out.println(authenticationFailureEvent);
//System.out.println("login failed for -->"+authenticationFailureEvent.getAuthentication().getPrincipal());
System.out.print("Event Catched for Failed");
}
配置class
protected void configure(AuthenticationManagerBuilder auth) throws Exception{
try {
auth.authenticationProvider(customAuthentication);
auth.authenticationEventPublisher(new DefaultAuthenticationEventPublisher(applicationEventPublisher));
}catch(OAuth2Exception ex) {
throw new CustomOauthException(ex.getMessage());
}
}
像下面这样配置DefaultAuthenticationEventPublisher
@Bean
DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
}
并在您的身份验证管理器中使用它,例如
@Autowired
DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationEventPublisher(defaultAuthenticationEventPublisher);
}
我做的测试:
配置class
@Configuration
public class ProjectConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest().authenticated()
.and().httpBasic();
}
@Autowired
DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.passwordEncoder(NoOpPasswordEncoder.getInstance())
.withUser("user").password("password").roles("USER");
auth.authenticationEventPublisher(defaultAuthenticationEventPublisher);
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher(
ApplicationEventPublisher applicationEventPublisher) {
return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
}
}
和听众class:
@Component
public class GlobalEventsHandlers {
@EventListener
public void authFailedEventListener(
AbstractAuthenticationFailureEvent authenticationFailureEvent) {
// code for logging audit
if (authenticationFailureEvent instanceof AbstractAuthenticationFailureEvent) {
System.out.println("authenticationFailureEvent");
} else {
System.out.println("not authenticationFailureEvent");
}
System.out.println(authenticationFailureEvent);
//System.out.println("login failed for -->"+authenticationFailureEvent.getAuthentication().getPrincipal());
System.out.println("Event Catched for Failed");
}
@EventListener
public void authSuccessEventListener(AuthenticationSuccessEvent authenticationSuccessEvent) {
// code for logging audit
if (authenticationSuccessEvent instanceof AuthenticationSuccessEvent) {
System.out.println("authenticationSuccessEvent");
} else {
System.out.println("not authenticationSuccessEvent");
}
System.out.println(authenticationSuccessEvent);
System.out.println("Event Catched for success");
}
}
结果:
authenticationFailureEvent
org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent[source=UsernamePasswordAuthenticationToken [Principal=use, Credentials=[PROTECTED], Authenticated=false, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[]]]
Event Catched for Failed
authenticationSuccessEvent
org.springframework.security.authentication.event.AuthenticationSuccessEvent[source=UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=user, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, credentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[ROLE_USER]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=F6977BE6F40E41D5972C4233868DF312], Granted Authorities=[ROLE_USER]]]
Event Catched for success