Custom Implementation of Spring Security User Authentication Success and Failure

[1] Spring boot Security OAuth2 user login failure event publishing and monitoring

[2] Source Code Analysis of Spring Security User Authentication Success and Failure

The previous article explained the whole process by which user authentication success and failure events are published.
This article explains how to implement custom handling. Let's first look at the authentication failure events:

The package org.springframework.security.authentication.event defines all the event types published during authentication. AbstractAuthenticationEvent is the parent class of all of them; its subclasses are AbstractAuthenticationFailureEvent, AuthenticationFailureBadCredentialsEvent, AuthenticationFailureCredentialsExpiredEvent, AuthenticationFailureDisabledEvent, AuthenticationFailureExpiredEvent, AuthenticationFailureLockedEvent, AuthenticationFailureProviderNotFoundEvent, AuthenticationFailureProxyUntrustedEvent, AuthenticationFailureServiceExceptionEvent, AuthenticationSuccessEvent and InteractiveAuthenticationSuccessEvent.
AbstractAuthenticationFailureEvent is the abstract parent class of all authentication failure events, so the handling can easily be separated into two listeners.

1. Define the Authentication Success Event Listener

package com.yaomy.security.oauth2.event.listener;

import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.stereotype.Component;

/**
 * @Description: User login success listener event
 * @ProjectName: spring-parent
 * @Package: com.yaomy.security.oauth2.handler.ApplicationListenerAuthencationSuccess
 * @Date: 2019/7/25 11:27
 * @Version: 1.0
 */
@Component
public class AuthencationSuccessListener implements ApplicationListener<AuthenticationSuccessEvent> {

    @Override
    public void onApplicationEvent(AuthenticationSuccessEvent event) {
        // The user logged in successfully by entering a username and password
        System.out.println("---AuthenticationSuccessEvent---");
    }

}

Of course, if needed, AuthenticationSuccessEvent can be replaced with InteractiveAuthenticationSuccessEvent. Both indicate a successful authentication, but InteractiveAuthenticationSuccessEvent means that the login succeeded by means of automatic interaction, such as automatic login via a cookie.

2. Define the Authentication Failure Event Listener

package com.yaomy.security.oauth2.event.listener;

import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.*;
import org.springframework.stereotype.Component;

/**
 * @Description: User login failure listener event
 * @ProjectName: spring-parent
 * @Package: com.yaomy.security.oauth2.handler.ApplicationListenerAuthencationSuccess
 * @Date: 2019/7/25 11:27
 * @Version: 1.0
 */
@Component
public class AuthencationFailureListener implements ApplicationListener<AbstractAuthenticationFailureEvent> {
    @Override
    public void onApplicationEvent(AbstractAuthenticationFailureEvent event) {
        if (event instanceof AuthenticationFailureBadCredentialsEvent) {
            // The credentials provided are incorrect: wrong username or password
            System.out.println("---AuthenticationFailureBadCredentialsEvent---");
        } else if (event instanceof AuthenticationFailureCredentialsExpiredEvent) {
            // Verification passed, but the password has expired
            System.out.println("---AuthenticationFailureCredentialsExpiredEvent---");
        } else if (event instanceof AuthenticationFailureDisabledEvent) {
            // Verification passed, but the account is disabled
            System.out.println("---AuthenticationFailureDisabledEvent---");
        } else if (event instanceof AuthenticationFailureExpiredEvent) {
            // Verification passed, but the account has expired
            System.out.println("---AuthenticationFailureExpiredEvent---");
        } else if (event instanceof AuthenticationFailureLockedEvent) {
            // The account is locked
            System.out.println("---AuthenticationFailureLockedEvent---");
        } else if (event instanceof AuthenticationFailureProviderNotFoundEvent) {
            // Configuration error: no suitable AuthenticationProvider to handle the login validation
            System.out.println("---AuthenticationFailureProviderNotFoundEvent---");
        } else if (event instanceof AuthenticationFailureProxyUntrustedEvent) {
            // The proxy is not trusted; used with third-party authentication such as OAuth and CAS, and mostly caused by configuration errors
            System.out.println("---AuthenticationFailureProxyUntrustedEvent---");
        } else if (event instanceof AuthenticationFailureServiceExceptionEvent) {
            // Any other exception that occurs inside the AuthenticationManager is wrapped in this event
            System.out.println("---AuthenticationFailureServiceExceptionEvent---");
        }
    }

}
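
The failure listener above only prints the event name. The following added example (not part of the original article or the project's code) shows the same listener type used for audit logging and a simple bad-credentials alert; FailureAuditListener, ALERT_THRESHOLD and the sample login in main are assumptions made for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.stereotype.Component;

// Added example: FailureAuditListener and ALERT_THRESHOLD are hypothetical names.
@Component
public class FailureAuditListener implements ApplicationListener<AbstractAuthenticationFailureEvent> {

    static final int ALERT_THRESHOLD = 5; // assumed value, tune per deployment
    private final Map<String, AtomicInteger> badCredentials = new ConcurrentHashMap<>();

    @Override
    public void onApplicationEvent(AbstractAuthenticationFailureEvent event) {
        // The submitted name is attacker-controlled: neutralise control
        // characters (CR/LF) so it cannot forge extra log lines.
        String user = event.getAuthentication().getName().replaceAll("\\p{Cntrl}", "_");
        // Record event type and exception class only; never log getCredentials().
        System.out.printf("auth-failure type=%s user=%s cause=%s%n",
                event.getClass().getSimpleName(), user,
                event.getException().getClass().getSimpleName());
        if (event instanceof AuthenticationFailureBadCredentialsEvent
                && recordBadCredentials(user) == ALERT_THRESHOLD) {
            System.out.printf("auth-alert user=%s failures=%d%n", user, ALERT_THRESHOLD);
        }
    }

    // Thread-safe per-name counter; returns the new failure count.
    int recordBadCredentials(String user) {
        return badCredentials.computeIfAbsent(user, k -> new AtomicInteger()).incrementAndGet();
    }

    // Constructed sample input: six failed logins for a name containing CR/LF.
    public static void main(String[] args) {
        FailureAuditListener listener = new FailureAuditListener();
        UsernamePasswordAuthenticationToken token =
                new UsernamePasswordAuthenticationToken("alice\r\nforged-line", "wrong-password");
        for (int i = 0; i < 6; i++) {
            listener.onApplicationEvent(new AuthenticationFailureBadCredentialsEvent(
                    token, new BadCredentialsException("Bad credentials")));
        }
    }
}
```

The in-memory map here is unbounded and is never reset, so a real deployment would replace it with a bounded, expiring store and clear the counter from the success listener.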

GitHub source code: https://github.com/mingyang66/spring-parent/blob/master/spring-security-oauth2-server-redis-service/eventUpgradeCode.md


Posted on Sun, 06 Oct 2019 14:19:14 -0700 by davey_b_