SpringSecurity3.0 AuthenticationSuccessEvent cannot be detected

Question

Hi all,

I want to prepare some data after user login system. After some google, I implemented a ApplicationListener to listen AuthenticationSuccessEvent:

import org.springframework.context.ApplicationListener; import org.springframework.security.authentication.event.AuthenticationSuccessEvent; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Component;

@Component public class MyApplicationListener implements ApplicationListener {

@Override
public void onApplicationEvent(AuthenticationSuccessEvent event) {
 UserDetails userDetails = (UserDetails) event.getAuthentication()
   .getPrincipal();
 System.out.println("Successed login:" + userDetails.getUsername());

}

}

I updated to Spring 3.0 RELEASE, and Spring Security 3.0.0.RC2. But I can never get called for AuthenticationSuccessEvent:( (I tried other event, such as AuthenticationFailureBadCredentialsEvent, it worked).

I use my own authentication-manager and do nothing about the event:

Do I need to podcast the event by myself?

Thank you.

Answer 1

Hi,

I'm using Spring-Security 2.0.4, but I think it's pretty the same. From what that I saw the ProviderManager is the one that publish the event in case of successful authentication.

Few questions that might help:

1. Do you use the standard ProviderManager (org.springframework.security.providers.ProviderManager) or supply one of your own?
2. Maybe the @Component doesn't work?, maybe (just for testing) you can try the regular addListener() function.

The best way to understand what happens is to Ito debug Spring security (locate a break point in ProviderManager), I use to do it a lot and find it pretty useful.

Shay

Answer 2

You don't specify the details of your configuration. You state that you use your own authentication-manager - does this mean you are configuring the ProviderManager explicitly using Spring Bean configuration?

If so, you need to configure the AuthenticationEventPublisher on the ProviderManager, as the default implementation is a null implementation, which doesn't publish events.

The bean declaration for the default implementation is like this:

<bean id="defaultAuthEventPublisher" class="org.springframework.security.authentication.DefaultAuthenticationEventPublisher"/>

You'll then need to map this bean to the appropriate property on the ProviderManager:

If you aren't declaring your own ProviderManager, unfortunately there is not a way to enable this functionality using the security namespace style of configuration. Hope that answers your question!