【Question title】: Spring AbstractAuthenticationFailureEvent is not working when authentication fails
【Posted】: 2021-12-19 07:47:36
【Question】:

Trying to trigger the authentication failure event, but it is not triggered.

    @EventListener
    public void authFailedEventListener(AbstractAuthenticationFailureEvent authenticationFailureEvent) {
        // code for logging audit
        if (authenticationFailureEvent instanceof AbstractAuthenticationFailureEvent) {
            System.out.print(true);
        } else {
            System.out.print(false);
        }
        System.out.println(authenticationFailureEvent);
        //System.out.println("login failed for -->"+authenticationFailureEvent.getAuthentication().getPrincipal());
        System.out.print("Event Catched for Failed");
    }

Configuration class

    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        try {
            auth.authenticationProvider(customAuthentication);
            auth.authenticationEventPublisher(new DefaultAuthenticationEventPublisher(applicationEventPublisher));
        } catch (OAuth2Exception ex) {
            throw new CustomOauthException(ex.getMessage());
        }
    }

【Discussion】:

Tags: java spring-security


【Solution 1】:

Configure DefaultAuthenticationEventPublisher as shown below

  @Bean
  DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
    return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
  }

And use it in your authentication manager, for example

  @Autowired
  DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher;

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationEventPublisher(defaultAuthenticationEventPublisher);
  }

The test I did:

Configuration class

@Configuration
public class ProjectConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .anyRequest().authenticated()
        .and().httpBasic();
  }

  @Autowired
  DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher;

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .inMemoryAuthentication()
        .passwordEncoder(NoOpPasswordEncoder.getInstance())
        .withUser("user").password("password").roles("USER");
    auth.authenticationEventPublisher(defaultAuthenticationEventPublisher);
  }

  @Override
  @Bean
  public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
  }

  @Bean
  DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher(
      ApplicationEventPublisher applicationEventPublisher) {
    return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
  }
}

And the listener class:

@Component
public class GlobalEventsHandlers {

  @EventListener
  public void authFailedEventListener(
      AbstractAuthenticationFailureEvent authenticationFailureEvent) {
    // code for logging audit
    if (authenticationFailureEvent instanceof AbstractAuthenticationFailureEvent) {
      System.out.println("authenticationFailureEvent");
    } else {
      System.out.println("not authenticationFailureEvent");

    }
    System.out.println(authenticationFailureEvent);
    //System.out.println("login failed for -->"+authenticationFailureEvent.getAuthentication().getPrincipal());
    System.out.println("Event Catched for Failed");
  }

  @EventListener
  public void authSuccessEventListener(AuthenticationSuccessEvent authenticationSuccessEvent) {
    // code for logging audit
    if (authenticationSuccessEvent instanceof AuthenticationSuccessEvent) {
      System.out.println("authenticationSuccessEvent");
    } else {
      System.out.println("not authenticationSuccessEvent");

    }
    System.out.println(authenticationSuccessEvent);
    System.out.println("Event Catched for success");
  }
}

Result:

authenticationFailureEvent
org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent[source=UsernamePasswordAuthenticationToken [Principal=use, Credentials=[PROTECTED], Authenticated=false, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[]]]
Event Catched for Failed
authenticationSuccessEvent
org.springframework.security.authentication.event.AuthenticationSuccessEvent[source=UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=user, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, credentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[ROLE_USER]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=F6977BE6F40E41D5972C4233868DF312], Granted Authorities=[ROLE_USER]]]
Event Catched for success

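【Discussion】:

  • I still cannot trigger the authentication failure event, even with the above configured.
  • @vinaysaddanapu Can you provide a Minimal, Reproducible Example so I can check? (I tested the solution before posting.)
  • @vinaysaddanapu Where did you put the @EventListener? Does Spring pick up the class with the annotated method?
  • I took a separate class, added two methods and annotated them with @EventListener. I am able to capture the authentication success event.
  • I am trying it with my service package.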
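
Once the publisher is wired as in the answer above, the `// code for logging audit` placeholder can be turned into a real audit record. The listener below is an added example, not code from the question or the answer; the class name, the `security.audit` logger name and the threshold of 5 are assumptions, and it assumes SLF4J is on the classpath.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.stereotype.Component;

// Added example: class name, logger name and threshold are assumptions.
@Component
public class AuthFailureAuditListener {

  private static final Logger AUDIT = LoggerFactory.getLogger("security.audit");
  private static final int ALERT_THRESHOLD = 5;
  // In-memory and per-instance, with no expiry; use an expiring cache in production.
  private final Map<String, AtomicInteger> failuresByIp = new ConcurrentHashMap<>();

  @EventListener
  public void onFailure(AbstractAuthenticationFailureEvent event) {
    Authentication auth = event.getAuthentication();
    String user = sanitize(auth.getName());
    String ip = remoteIp(auth);
    // Record the concrete event and exception type; never log getCredentials().
    AUDIT.warn("auth_failure event={} reason={} user={} ip={}",
        event.getClass().getSimpleName(),
        event.getException().getClass().getSimpleName(), user, ip);
    int count = failuresByIp.computeIfAbsent(ip, k -> new AtomicInteger()).incrementAndGet();
    if (count == ALERT_THRESHOLD) { // fires once per address when the threshold is reached
      AUDIT.error("auth_failure_threshold ip={} failures={}", ip, count);
    }
  }

  private static String remoteIp(Authentication auth) {
    Object details = auth.getDetails();
    String ip = details instanceof WebAuthenticationDetails
        ? ((WebAuthenticationDetails) details).getRemoteAddress() : null;
    return ip == null ? "unknown" : ip;
  }

  // The submitted username is attacker-controlled: replace control characters
  // (CR/LF included) so a login attempt cannot forge extra audit log lines.
  private static String sanitize(String value) {
    return value == null ? "" : value.replaceAll("\\p{Cntrl}", "_");
  }
}
```

The class must live in a package covered by component scanning, otherwise the `@EventListener` method is never registered.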