Configuring acegi security to store successful logins to DB.

Question

Hi, I'm new to Acegi. I have it working in its simplest form. I have to login in order to access the protected pages (I followed their tutorial).

Now I want to have a DB Log of every successful login. Is there a simple way to do that? Something like forcing a specific action (which I would create and would write the information to the DB) every time there's a succesful login, or maybe some internal ACEGI feature that does it for me?

Currently I'm thinking of setting defaultTargetUrl to a redirect page which would store the current user to the DB and then redirect to index. But I'm not sure this would work if someone accessed the login via trying to access other page that isn't index (as after logging in, acegi seems to redirect the user to that page, which is the behaviour I want anyway)

Any ideas about this? I'd really appreciate them.

Thanks.

B.

Answer 1

I would do it via AOP, if possible.

This solution applies for Spring 3.x and Spring Security 3.x. Spring Security is the direct successor of Acegi, I'd use that instead if possible. I hope this applies to the former version.

@AfterReturning("execution(* org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler.onAuthenticationSuccess(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.springframework.security.core.Authentication)) && args(request, response, authentication)")
public void onAuthenticationSuccess(HttpServletRequest request,
        HttpServletResponse response,
        Authentication authentication) {
    logger.debug(authentication.getPrincipal() + " logged in.");
}

If you don't feel comfortable working with AOP, you can of course build a wrapper on the SimpleUrlAuthenticationSuccessHandler manually.

Answer 2

You may use Spring's event handling mechanism to get notified on AuthenticationSuccessEvent published by Spring Security.