0

我正在使用 spring security 和 AspectJ 来记录应用程序的行为。我需要捕获成功的登录并记录下来。我的弹簧安全配置:

<security:http auto-config="true" authentication-manager-ref="authenticationManager" use-expressions="true">
    <security:intercept-url pattern="/login" access="permitAll"/>
    <security:intercept-url pattern="/loginFailed" access="permitAll"/>
    <security:intercept-url pattern="/viewUserAccounts" access="hasRole('ROLE_ANTANI')" />
    <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
    <security:custom-filter ref="ajaxTimeoutRedirectFilter" after="EXCEPTION_TRANSLATION_FILTER"/>
    <security:form-login
    login-page="/login"
    authentication-failure-url="/loginFailed"
    login-processing-url="/loginAttempt"
    password-parameter="password"
    username-parameter="username"
    />
</security:http>

如何定义正确的切入点?

4

1 回答 1

1

这是从 AuthenticationManager 中获取结果的解决方案;

上下文部分(您所拥有的简化版本)

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">

    <security:http auto-config="true">
        <security:intercept-url pattern="/**" access="ROLE_USER"/>
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="test" password="test" authorities="ROLE_USER"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

    <aop:aspectj-autoproxy proxy-target-class="true"/>

    <bean class="de.incompleteco.spring.aspect.UsernamePasswordAuthenticationFilterAspect"/>
</beans>

和切入点

package de.incompleteco.spring.aspect;

import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.AfterReturning;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.security.core.Authentication;

@Aspect
public class AuthenticationManagerAspect {

    @AfterReturning(pointcut="execution(* org.springframework.security.authentication.AuthenticationManager.authenticate(..))"
            ,returning="result")
    public void after(JoinPoint joinPoint,Object result) throws Throwable {
        System.out.println(">>> user: " + ((Authentication) result).getName());
    }

}

这将允许您在身份验证对象从 AuthenticationManager 返回后访问它。

于 2013-04-24T08:44:08.810 回答