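I have a simple Spring Boot application that uses Spring Security with a JWT filter.
Everything works fine, but when I try to catch the authentication success and failure events in listeners,
it does not work: the authentication events are never fired and I cannot find where the problem is.
Here is my security configuration class: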
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@FieldDefaults(level = PRIVATE, makeFinal = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private static final RequestMatcher PUBLIC_URLS = new OrRequestMatcher(
            new AntPathRequestMatcher("/public/**"),
            new AntPathRequestMatcher("/h2-console/**"),
            new AntPathRequestMatcher("/v3/api-docs/**"),
            new AntPathRequestMatcher("/swagger-ui/**"),
            new AntPathRequestMatcher("/swagger-ui.html")
    );
    private static final RequestMatcher PROTECTED_URLS = new NegatedRequestMatcher(PUBLIC_URLS);

    TokenAuthenticationProvider provider;

    SecurityConfig(final TokenAuthenticationProvider provider) {
        super();
        this.provider = requireNonNull(provider);
    }

    /* @Override
    protected void configure(final AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(provider);
    }*/

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationEventPublisher(authenticationEventPublisher());
    }

    @Override
    public void configure(final WebSecurity web) {
        web.ignoring().requestMatchers(PUBLIC_URLS);
    }

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http
            .sessionManagement()
            .sessionCreationPolicy(STATELESS)
            .and()
            .exceptionHandling()
            // this entry point handles when you request a protected page and you are not yet
            // authenticated
            .defaultAuthenticationEntryPointFor(forbiddenEntryPoint(), PROTECTED_URLS)
            .and()
            .authenticationProvider(provider)
            .addFilterBefore(restAuthenticationFilter(), AnonymousAuthenticationFilter.class)
            .authorizeRequests()
            .requestMatchers(PROTECTED_URLS)
            .authenticated()
            .and()
            .csrf().disable()
            .formLogin().disable()
            .httpBasic().disable()
            .logout().disable();
        // h2 console config
        http.headers().frameOptions().sameOrigin();
    }

    @Bean
    TokenAuthenticationFilter restAuthenticationFilter() throws Exception {
        final TokenAuthenticationFilter filter = new TokenAuthenticationFilter(PROTECTED_URLS);
        filter.setAuthenticationManager(authenticationManager());
        filter.setAuthenticationSuccessHandler(successHandler());
        return filter;
    }

    @Bean
    public DefaultAuthenticationEventPublisher authenticationEventPublisher() {
        return new DefaultAuthenticationEventPublisher();
    }

    @Bean
    SimpleUrlAuthenticationSuccessHandler successHandler() {
        final SimpleUrlAuthenticationSuccessHandler successHandler = new SimpleUrlAuthenticationSuccessHandler();
        successHandler.setRedirectStrategy(new NoRedirectStrategy());
        return successHandler;
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Disable Spring boot automatic filter registration.
     */
    @Bean
    FilterRegistrationBean disableAutoRegistration(final TokenAuthenticationFilter filter) {
        final FilterRegistrationBean registration = new FilterRegistrationBean(filter);
        registration.setEnabled(false);
        return registration;
    }

    @Bean
    AuthenticationEntryPoint forbiddenEntryPoint() {
        return new HttpStatusEntryPoint(FORBIDDEN);
    }
}
My TokenAuthenticationFilter is an implementation of the interface AbstractAuthenticationProcessingFilter.
My listeners:
@Slf4j
@Component
@RequiredArgsConstructor
public class AuthenticationFailureListener {

    private final LoginFailureRepository loginFailureRepository;
    private final UserRepository userRepository;

    @EventListener
    public void listen(AuthenticationFailureBadCredentialsEvent event) {
        log.info("Login Failed");
        LoginFailure.LoginFailureBuilder builder = LoginFailure.builder();
        if (event.getSource() instanceof UsernamePasswordAuthenticationToken) {
            UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) event.getSource();
            if (token.getPrincipal() instanceof String) {
                String userName = (String) token.getPrincipal();
                builder.userName(userName);
                log.info("Attempted username : {}", userName);
                userRepository.findByUsername(userName).ifPresent(builder::user);
            }
            // The remote address lives in the token's details, not in its principal.
            if (token.getDetails() instanceof WebAuthenticationDetails) {
                WebAuthenticationDetails details = (WebAuthenticationDetails) token.getDetails();
                builder.sourceIp(details.getRemoteAddress());
                log.info("User remote address : {}", details.getRemoteAddress());
            }
        }
        LoginFailure loginFailure = loginFailureRepository.save(builder.build());
        log.info("saving login failure : {}", loginFailure);
    }
}
@Slf4j
@Component
@RequiredArgsConstructor
public class AuthenticationSuccessListener {

    private final LoginSuccessRepository loginSuccessRepository;

    @EventListener
    public void listen(AuthenticationSuccessEvent event) {
        log.info("--------------- USER LOGGED WITH SUCCESS ----------------------");
        LoginSuccess.LoginSuccessBuilder builder = LoginSuccess.builder();
        if (event.getSource() instanceof UsernamePasswordAuthenticationToken) {
            UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) event.getSource();
            if (token.getPrincipal() instanceof User) {
                User user = (User) token.getPrincipal();
                builder.user(user);
                log.info("User name login in : {}", user.getUsername());
            }
            // The remote address lives in the token's details, not in its principal.
            if (token.getDetails() instanceof WebAuthenticationDetails) {
                WebAuthenticationDetails details = (WebAuthenticationDetails) token.getDetails();
                builder.sourceIp(details.getRemoteAddress());
                log.info("User remote address : {}", details.getRemoteAddress());
            }
        }
        LoginSuccess loginSuccess = loginSuccessRepository.save(builder.build());
        log.info("saving login success : {}", loginSuccess);
    }
}
Here are my startup logs:
SecurityAutoConfiguration matched:
- @ConditionalOnClass found required class 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher' (OnClassCondition)
2021-01-09 21:42:28.413 DEBUG 49828 --- [ restartedMain] o.s.b.f.s.DefaultListableBeanFactory : Creating shared instance of singleton bean 'authenticationFailureListener'
2021-01-09 21:42:28.422 DEBUG 49828 --- [ restartedMain] o.s.b.f.s.DefaultListableBeanFactory : Creating shared instance of singleton bean 'authenticationSuccessListener'
You need to configure the handlers in your security configuration.
@RequiredArgsConstructor
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final LoginSuccessHandler loginSuccessHandler;
    private final LoginFailureHandler loginFailureHandler;
    ...
    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http
            .sessionManagement()
            ...
            .successHandler(loginSuccessHandler)
            .failureHandler(loginFailureHandler)
            ...
    }
Your success handler needs to implement the interface "AuthenticationSuccessHandler", for example:
@Slf4j
@Component
@RequiredArgsConstructor
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    private final LoginSuccessRepository loginSuccessRepository;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // TODO your implementation
        super.onAuthenticationSuccess(request, response, authentication);
    }
}
The failure handler needs to implement the interface "AuthenticationFailureHandler", for example:
@Slf4j
@Component
@RequiredArgsConstructor
public class LoginFailureHandler implements AuthenticationFailureHandler {

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        // TODO your implementation
    }
}
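
An added example, not code from the question or the answer: a failure handler that records the attempt the way the question's listener intended. With a custom AbstractAuthenticationProcessingFilter such as the question's TokenAuthenticationFilter, handlers are attached through the filter's own setters. `AuditingFailureHandler` is a hypothetical name, `LoginFailure` and `LoginFailureRepository` are the question's types, and the `javax.servlet` imports assume Spring Security 5.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;

// Hypothetical handler name. Attach it where the question builds its filter:
//   filter.setAuthenticationFailureHandler(auditingFailureHandler);
@Component
public class AuditingFailureHandler implements AuthenticationFailureHandler {

    private static final Logger log = LoggerFactory.getLogger(AuditingFailureHandler.class);

    // LoginFailureRepository and LoginFailure are the question's own types.
    private final LoginFailureRepository loginFailureRepository;

    public AuditingFailureHandler(LoginFailureRepository loginFailureRepository) {
        this.loginFailureRepository = loginFailureRepository;
    }

    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
                                        HttpServletResponse response,
                                        AuthenticationException exception) throws IOException {
        String sourceIp = request.getRemoteAddr();
        // Record the source address and failure type, never the presented token or password.
        loginFailureRepository.save(LoginFailure.builder().sourceIp(sourceIp).build());
        log.warn("Authentication failed from {} ({})", sourceIp,
                exception.getClass().getSimpleName());
        // Stateless API: answer with a status code instead of a redirect.
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
    }
}
```

Behind a reverse proxy, `getRemoteAddr()` returns the proxy's address unless forwarded-header handling is configured.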