3

我已经用 Spring Security 开发了一个注册和登录模块。我现在关心的是如何拦截自动存储的登录信息以将信息保存在数据库中。我的意思是,当用户标记“记住我”时,如果进入我的应用程序,会自动转到登录主页,但我想在数据库中注册该访问权限。

现在,当用户明确地通过登录页面时,很容易做到这一点,但在上述情况下则不然。

问候,

更新:我放了一些额外的信息:

  • 安全.xml

     <http auto-config="true">
     <form-login login-page="/login" login-processing-url="/j_spring_security_check" default-target-url="/private/dashboard" />
     <remember-me key="rememberMeKey" user-service-ref="userServiceImpl" />
 </http>
 <authentication-manager alias="authenticationManager" />
 <authentication-manager>
     <authentication-provider user-service-ref="userServiceImpl">
         <password-encoder hash="md5"/>
     </authentication-provider>
 </authentication-manager>

  • 用户服务实现

    @Service
@Transactional
public class UserServiceImpl implements UserDetailsService {

@Resource
private UserDao userDao;

    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        List<GrantedAuthority> AUTHORITIES = new ArrayList<GrantedAuthority>();
        String password = userDao.getUserPassword(username);

        if (password!=null) {
            userDao.registerAccess(username);
            AUTHORITIES.add(new SimpleGrantedAuthority("ROLE_REGISTERED")); 
            return new User(username,password, AUTHORITIES);
    } else {
            throw new UsernameNotFoundException("User not found: " + username);
    }
}

    }

4

2 回答 2

1

您在这里有多种选择:

  • 设置您的 org.springframework.security.web.authentication。AuthenticationSuccessHandler
  • 订阅 org.springframework.security.authentication.event。InteractiveAuthenticationSuccessEvent(请参阅@Ionut 答案)

AuthenticationSuccessHandler将同样适用于您的两种情况(正常登录并记住我):

public class CustomAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
    Authentication authentication) throws ServletException, IOException {
        // log authentication success here for both cases
        super.onAuthenticationSuccess(request, response, authentication);
    }

}

在您的security.xml中:

<bean id="customAuthenticationSuccessHandler" class="com.domain.security.CustomAuthenticationSuccessHandler"/>


<security:http ... >
    ...
    <security:form-login login-page='/login.html' authentication-success-handler-ref="customAuthenticationSuccessHandler" />
    <security:remember-me authentication-success-handler-ref="customAuthenticationSuccessHandler" />

</security:http>
于 2013-01-16T09:05:42.293 回答
1

你可以做这样的事情

@Component
public class AppListener implements ApplicationListener {


    @Override
    public void onApplicationEvent(ApplicationEvent event) {
        if (event instanceof InteractiveAuthenticationSuccessEvent) {
            handleLoginEvent();
        } else if (event instanceof HttpSessionDestroyedEvent)
            handleLogoutEvent((HttpSessionDestroyedEvent) event);

    }

    private void handleLoginEvent() {
      // handle login event
    }

    private synchronized void handleLogoutEvent(HttpSessionDestroyedEvent event) {
        // handle logout event
    }

}

问候,

EDIT

将此添加到 web.xml

  <listener>
         <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
  </listener>
于 2013-01-16T09:03:02.963 回答