Search in sources :

Example 1 with InteractiveAuthenticationSuccessEvent

use of org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent in project spring-security by spring-projects.

the class AbstractAuthenticationProcessingFilter method successfulAuthentication.

/**
	 * Default behaviour for successful authentication.
	 * <ol>
	 * <li>Sets the successful <tt>Authentication</tt> object on the
	 * {@link SecurityContextHolder}</li>
	 * <li>Informs the configured <tt>RememberMeServices</tt> of the successful login</li>
	 * <li>Fires an {@link InteractiveAuthenticationSuccessEvent} via the configured
	 * <tt>ApplicationEventPublisher</tt></li>
	 * <li>Delegates additional behaviour to the {@link AuthenticationSuccessHandler}.</li>
	 * </ol>
	 *
	 * Subclasses can override this method to continue the {@link FilterChain} after
	 * successful authentication.
	 * @param request
	 * @param response
	 * @param chain
	 * @param authResult the object returned from the <tt>attemptAuthentication</tt>
	 * method.
	 * @throws IOException
	 * @throws ServletException
	 */
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
    if (logger.isDebugEnabled()) {
        logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
    }
    SecurityContextHolder.getContext().setAuthentication(authResult);
    rememberMeServices.loginSuccess(request, response, authResult);
    // Fire event
    if (this.eventPublisher != null) {
        eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
    }
    successHandler.onAuthenticationSuccess(request, response, authResult);
}
Also used : InteractiveAuthenticationSuccessEvent(org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent)

Example 2 with InteractiveAuthenticationSuccessEvent

use of org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent in project spring-security by spring-projects.

the class CasAuthenticationFilter method successfulAuthentication.

// ~ Methods
// ========================================================================================================
@Override
protected final void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
    boolean continueFilterChain = proxyTicketRequest(serviceTicketRequest(request, response), request);
    if (!continueFilterChain) {
        super.successfulAuthentication(request, response, chain, authResult);
        return;
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
    }
    SecurityContextHolder.getContext().setAuthentication(authResult);
    // Fire event
    if (this.eventPublisher != null) {
        eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
    }
    chain.doFilter(request, response);
}
Also used : InteractiveAuthenticationSuccessEvent(org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent)

Example 3 with InteractiveAuthenticationSuccessEvent

use of org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent in project spring-security by spring-projects.

the class RememberMeAuthenticationFilter method doFilter.

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    if (SecurityContextHolder.getContext().getAuthentication() == null) {
        Authentication rememberMeAuth = rememberMeServices.autoLogin(request, response);
        if (rememberMeAuth != null) {
            // Attempt authenticaton via AuthenticationManager
            try {
                rememberMeAuth = authenticationManager.authenticate(rememberMeAuth);
                // Store to SecurityContextHolder
                SecurityContextHolder.getContext().setAuthentication(rememberMeAuth);
                onSuccessfulAuthentication(request, response, rememberMeAuth);
                if (logger.isDebugEnabled()) {
                    logger.debug("SecurityContextHolder populated with remember-me token: '" + SecurityContextHolder.getContext().getAuthentication() + "'");
                }
                // Fire event
                if (this.eventPublisher != null) {
                    eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(SecurityContextHolder.getContext().getAuthentication(), this.getClass()));
                }
                if (successHandler != null) {
                    successHandler.onAuthenticationSuccess(request, response, rememberMeAuth);
                    return;
                }
            } catch (AuthenticationException authenticationException) {
                if (logger.isDebugEnabled()) {
                    logger.debug("SecurityContextHolder not populated with remember-me token, as " + "AuthenticationManager rejected Authentication returned by RememberMeServices: '" + rememberMeAuth + "'; invalidating remember-me token", authenticationException);
                }
                rememberMeServices.loginFail(request, response);
                onUnsuccessfulAuthentication(request, response, authenticationException);
            }
        }
        chain.doFilter(request, response);
    } else {
        if (logger.isDebugEnabled()) {
            logger.debug("SecurityContextHolder not populated with remember-me token, as it already contained: '" + SecurityContextHolder.getContext().getAuthentication() + "'");
        }
        chain.doFilter(request, response);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) InteractiveAuthenticationSuccessEvent(org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent) AuthenticationException(org.springframework.security.core.AuthenticationException) Authentication(org.springframework.security.core.Authentication) HttpServletResponse(javax.servlet.http.HttpServletResponse)

Example 4 with InteractiveAuthenticationSuccessEvent

use of org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent in project spring-boot by spring-projects.

the class AuthenticationAuditListenerTests method testOtherAuthenticationSuccess.

@Test
public void testOtherAuthenticationSuccess() {
    this.listener.onApplicationEvent(new InteractiveAuthenticationSuccessEvent(new UsernamePasswordAuthenticationToken("user", "password"), getClass()));
    // No need to audit this one (it shadows a regular AuthenticationSuccessEvent)
    verify(this.publisher, never()).publishEvent((ApplicationEvent) any());
}
Also used : InteractiveAuthenticationSuccessEvent(org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 5 with InteractiveAuthenticationSuccessEvent

use of org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent in project opennms by OpenNMS.

the class SecurityAuthenticationEventOnmsEventBuilder method onApplicationEvent.

/** {@inheritDoc} */
@Override
public void onApplicationEvent(ApplicationEvent event) {
    LOG.debug("Received ApplicationEvent {}", event.getClass());
    if (event instanceof AuthenticationSuccessEvent) {
        AuthenticationSuccessEvent authEvent = (AuthenticationSuccessEvent) event;
        EventBuilder builder = createEvent(SUCCESS_UEI, authEvent);
        // Sync the timestamp
        builder.setTime(new Date(event.getTimestamp()));
        if (!"true".equalsIgnoreCase(System.getProperty("org.opennms.security.disableLoginSuccessEvent"))) {
            sendEvent(builder.getEvent());
        }
    }
    if (event instanceof AbstractAuthenticationFailureEvent) {
        AbstractAuthenticationFailureEvent authEvent = (AbstractAuthenticationFailureEvent) event;
        LOG.debug("AbstractAuthenticationFailureEvent was received, exception message - {}", authEvent.getException().getMessage());
        EventBuilder builder = createEvent(FAILURE_UEI, authEvent);
        // Sync the timestamp
        builder.setTime(new Date(event.getTimestamp()));
        builder.addParam("exceptionName", authEvent.getException().getClass().getSimpleName());
        builder.addParam("exceptionMessage", authEvent.getException().getMessage());
        sendEvent(builder.getEvent());
    }
    if (event instanceof AuthorizedEvent) {
        AuthorizedEvent authEvent = (AuthorizedEvent) event;
        LOG.debug("AuthorizedEvent received - \n  Details - {}\n  Principal - {}", authEvent.getAuthentication().getDetails(), authEvent.getAuthentication().getPrincipal());
    }
    if (event instanceof AuthorizationFailureEvent) {
        AuthorizationFailureEvent authEvent = (AuthorizationFailureEvent) event;
        LOG.debug("AuthorizationFailureEvent received  -\n   Details - {}\n  Principal - {}", authEvent.getAuthentication().getDetails(), authEvent.getAuthentication().getPrincipal());
    }
    if (event instanceof InteractiveAuthenticationSuccessEvent) {
        InteractiveAuthenticationSuccessEvent authEvent = (InteractiveAuthenticationSuccessEvent) event;
        LOG.debug("InteractiveAuthenticationSuccessEvent received - \n  Details - {}\n  Principal - {}", authEvent.getAuthentication().getDetails(), authEvent.getAuthentication().getPrincipal());
    }
    if (event instanceof ServletRequestHandledEvent) {
        ServletRequestHandledEvent authEvent = (ServletRequestHandledEvent) event;
        LOG.debug("ServletRequestHandledEvent received - {}\n  Servlet - {}\n  URL - {}", authEvent.getDescription(), authEvent.getServletName(), authEvent.getRequestUrl());
        LOG.info("{} requested from {} by user {}", authEvent.getRequestUrl(), authEvent.getClientAddress(), authEvent.getUserName());
    }
}
Also used : InteractiveAuthenticationSuccessEvent(org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent) ServletRequestHandledEvent(org.springframework.web.context.support.ServletRequestHandledEvent) EventBuilder(org.opennms.netmgt.model.events.EventBuilder) AuthorizedEvent(org.springframework.security.access.event.AuthorizedEvent) InteractiveAuthenticationSuccessEvent(org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent) AuthenticationSuccessEvent(org.springframework.security.authentication.event.AuthenticationSuccessEvent) AuthorizationFailureEvent(org.springframework.security.access.event.AuthorizationFailureEvent) Date(java.util.Date) AbstractAuthenticationFailureEvent(org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent)

Aggregations

InteractiveAuthenticationSuccessEvent (org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent)5 Date (java.util.Date)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 Test (org.junit.Test)1 EventBuilder (org.opennms.netmgt.model.events.EventBuilder)1 AuthorizationFailureEvent (org.springframework.security.access.event.AuthorizationFailureEvent)1 AuthorizedEvent (org.springframework.security.access.event.AuthorizedEvent)1 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)1 AbstractAuthenticationFailureEvent (org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent)1 AuthenticationSuccessEvent (org.springframework.security.authentication.event.AuthenticationSuccessEvent)1 Authentication (org.springframework.security.core.Authentication)1 AuthenticationException (org.springframework.security.core.AuthenticationException)1 ServletRequestHandledEvent (org.springframework.web.context.support.ServletRequestHandledEvent)1