I have the following event listener in SecurityConfig
security {
active = true useSecurityEventListener = true
//...
onInteractiveAuthenticationSuccessEvent = { e, appCtx -> // handle InteractiveAuthenticationSuccessEvent
//how to cancel user login from here??
}
}
The question is, how to stop user from logging in from that listener?
Thanks.
I think that the problem is once you receive the event, the user is already logged in. What I believe you need to do is create a custom AccessDecisionVoter to perform your access logic. I haven't tried it myself but the spring security plugin docs (voters section) give some details on how to set one up. It looks simple enough judging by the code for the acegi AuthenticatedVoter