use of org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent in project spring-security by spring-projects.
the class AbstractAuthenticationProcessingFilter method successfulAuthentication.
/**
* Default behaviour for successful authentication.
* <ol>
* <li>Sets the successful <tt>Authentication</tt> object on the
* {@link SecurityContextHolder}</li>
* <li>Informs the configured <tt>RememberMeServices</tt> of the successful login</li>
* <li>Fires an {@link InteractiveAuthenticationSuccessEvent} via the configured
* <tt>ApplicationEventPublisher</tt></li>
* <li>Delegates additional behaviour to the {@link AuthenticationSuccessHandler}.</li>
* </ol>
*
* Subclasses can override this method to continue the {@link FilterChain} after
* successful authentication.
* @param request
* @param response
* @param chain
* @param authResult the object returned from the <tt>attemptAuthentication</tt>
* method.
* @throws IOException
* @throws ServletException
*/
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
if (logger.isDebugEnabled()) {
logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
}
SecurityContextHolder.getContext().setAuthentication(authResult);
rememberMeServices.loginSuccess(request, response, authResult);
// Fire event
if (this.eventPublisher != null) {
eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
}
successHandler.onAuthenticationSuccess(request, response, authResult);
}
use of org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent in project spring-security by spring-projects.
the class CasAuthenticationFilter method successfulAuthentication.
// ~ Methods
// ========================================================================================================
@Override
protected final void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
boolean continueFilterChain = proxyTicketRequest(serviceTicketRequest(request, response), request);
if (!continueFilterChain) {
super.successfulAuthentication(request, response, chain, authResult);
return;
}
if (logger.isDebugEnabled()) {
logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
}
SecurityContextHolder.getContext().setAuthentication(authResult);
// Fire event
if (this.eventPublisher != null) {
eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
}
chain.doFilter(request, response);
}
use of org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent in project spring-security by spring-projects.
the class RememberMeAuthenticationFilter method doFilter.
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (SecurityContextHolder.getContext().getAuthentication() == null) {
Authentication rememberMeAuth = rememberMeServices.autoLogin(request, response);
if (rememberMeAuth != null) {
// Attempt authenticaton via AuthenticationManager
try {
rememberMeAuth = authenticationManager.authenticate(rememberMeAuth);
// Store to SecurityContextHolder
SecurityContextHolder.getContext().setAuthentication(rememberMeAuth);
onSuccessfulAuthentication(request, response, rememberMeAuth);
if (logger.isDebugEnabled()) {
logger.debug("SecurityContextHolder populated with remember-me token: '" + SecurityContextHolder.getContext().getAuthentication() + "'");
}
// Fire event
if (this.eventPublisher != null) {
eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(SecurityContextHolder.getContext().getAuthentication(), this.getClass()));
}
if (successHandler != null) {
successHandler.onAuthenticationSuccess(request, response, rememberMeAuth);
return;
}
} catch (AuthenticationException authenticationException) {
if (logger.isDebugEnabled()) {
logger.debug("SecurityContextHolder not populated with remember-me token, as " + "AuthenticationManager rejected Authentication returned by RememberMeServices: '" + rememberMeAuth + "'; invalidating remember-me token", authenticationException);
}
rememberMeServices.loginFail(request, response);
onUnsuccessfulAuthentication(request, response, authenticationException);
}
}
chain.doFilter(request, response);
} else {
if (logger.isDebugEnabled()) {
logger.debug("SecurityContextHolder not populated with remember-me token, as it already contained: '" + SecurityContextHolder.getContext().getAuthentication() + "'");
}
chain.doFilter(request, response);
}
}
use of org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent in project spring-boot by spring-projects.
the class AuthenticationAuditListenerTests method testOtherAuthenticationSuccess.
@Test
public void testOtherAuthenticationSuccess() {
this.listener.onApplicationEvent(new InteractiveAuthenticationSuccessEvent(new UsernamePasswordAuthenticationToken("user", "password"), getClass()));
// No need to audit this one (it shadows a regular AuthenticationSuccessEvent)
verify(this.publisher, never()).publishEvent((ApplicationEvent) any());
}
use of org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent in project opennms by OpenNMS.
the class SecurityAuthenticationEventOnmsEventBuilder method onApplicationEvent.
/** {@inheritDoc} */
@Override
public void onApplicationEvent(ApplicationEvent event) {
LOG.debug("Received ApplicationEvent {}", event.getClass());
if (event instanceof AuthenticationSuccessEvent) {
AuthenticationSuccessEvent authEvent = (AuthenticationSuccessEvent) event;
EventBuilder builder = createEvent(SUCCESS_UEI, authEvent);
// Sync the timestamp
builder.setTime(new Date(event.getTimestamp()));
if (!"true".equalsIgnoreCase(System.getProperty("org.opennms.security.disableLoginSuccessEvent"))) {
sendEvent(builder.getEvent());
}
}
if (event instanceof AbstractAuthenticationFailureEvent) {
AbstractAuthenticationFailureEvent authEvent = (AbstractAuthenticationFailureEvent) event;
LOG.debug("AbstractAuthenticationFailureEvent was received, exception message - {}", authEvent.getException().getMessage());
EventBuilder builder = createEvent(FAILURE_UEI, authEvent);
// Sync the timestamp
builder.setTime(new Date(event.getTimestamp()));
builder.addParam("exceptionName", authEvent.getException().getClass().getSimpleName());
builder.addParam("exceptionMessage", authEvent.getException().getMessage());
sendEvent(builder.getEvent());
}
if (event instanceof AuthorizedEvent) {
AuthorizedEvent authEvent = (AuthorizedEvent) event;
LOG.debug("AuthorizedEvent received - \n Details - {}\n Principal - {}", authEvent.getAuthentication().getDetails(), authEvent.getAuthentication().getPrincipal());
}
if (event instanceof AuthorizationFailureEvent) {
AuthorizationFailureEvent authEvent = (AuthorizationFailureEvent) event;
LOG.debug("AuthorizationFailureEvent received -\n Details - {}\n Principal - {}", authEvent.getAuthentication().getDetails(), authEvent.getAuthentication().getPrincipal());
}
if (event instanceof InteractiveAuthenticationSuccessEvent) {
InteractiveAuthenticationSuccessEvent authEvent = (InteractiveAuthenticationSuccessEvent) event;
LOG.debug("InteractiveAuthenticationSuccessEvent received - \n Details - {}\n Principal - {}", authEvent.getAuthentication().getDetails(), authEvent.getAuthentication().getPrincipal());
}
if (event instanceof ServletRequestHandledEvent) {
ServletRequestHandledEvent authEvent = (ServletRequestHandledEvent) event;
LOG.debug("ServletRequestHandledEvent received - {}\n Servlet - {}\n URL - {}", authEvent.getDescription(), authEvent.getServletName(), authEvent.getRequestUrl());
LOG.info("{} requested from {} by user {}", authEvent.getRequestUrl(), authEvent.getClientAddress(), authEvent.getUserName());
}
}
Aggregations