UmY*_*eah 21 java spring-security
我想跟踪用户何时登录我的应用程序.我有一些代码,我想在用户通过身份验证后立即执行.问题是,我无法弄清楚应该在哪里调用它.spring-security是否有办法在身份验证后调用方法?
sab*_*sab 32
可能对某人有用......如果是Spring 3,请配置安全性:
<security:http use-expressions="true" auto-config="true">
<security:intercept-url pattern="..."/>
<security:form-login
authentication-failure-handler-ref="authFailureHandler"
authentication-success-handler-ref="authSuccessHandler"/>
<security:logout success-handler-ref="logoutSuccessHandler"
invalidate-session="true"/>
<security:session-management session-fixation-protection="newSession"/>
</security:http>
<bean id="authFailureHandler" class="mine.AuthenticationFailureHandlerImpl"/>
<bean id="authSuccessHandler" class="mine.AuthenticationSuccessHandlerImpl"/>
<bean id="logoutSuccessHandler" class="mine.LogoutSuccessHandlerImpl"/>
并实施适当的类:
public class AuthenticationSuccessHandlerImpl implements AuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
//do what you want with
response.getOutputStream().write("success".getBytes());
}
}
您可以通过该xml配置链接资源.
ams*_*ams 13
最好的方法是创建一个应用程序监听器并使用spring安全上下文进行注册.
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
public class AuthenticationSuccessListener implements ApplicationListener<InteractiveAuthenticationSuccessEvent> {
@Override
public void onApplicationEvent(InteractiveAuthenticationSuccessEvent event) {
System.out.println("User Logged In");
}
}
确保将spring-security.xml作为bean添加上面的类.您可以侦听许多其他类型的安全事件侦听器,检查类型层次结构以获取可以侦听的所有类型的安全事件的列表.
如果您想继续执行默认行为,但只是在执行您自己的业务逻辑之间,您可以在返回之前extend SimpleUrlAuthenticationSuccessHandler调用super.onAuthenticationSuccess(request, response, authentication);.更多细节请参考/sf/answers/473954981/
只需编写您自己的 SpringSecurityFilter 并在调用您的身份验证提供程序后将其添加到过滤器链中即可。
package my.code;
public class AuditFilter extends SpringSecurityFilter {
public void doFilterHttp(...) throws ... {
{application code to run before request is processed}
chain.doFilter(...);
{application code to run after request has fully processed}
}
}
然后在您的配置 XML 中(无论您在何处设置安全过滤器链)添加如下行:
<bean id="auditFilter" class="my.code.AuditFilter>
<security:custom-filter position="LAST"/> <-- you can change the position
</bean>
| 归档时间: |
|
| 查看次数: |
26952 次 |
| 最近记录: |