使用Spring Security成功登录后如何正确更新登录日期时间? [英] How to correctly update the login date time after successful login with Spring security?
问题描述
我正在使用Spring 3.2.0和相同版本的Spring安全性.成功登录后,用户将被重定向到受保护页面之一,如下所示.
I'm using Spring 3.2.0 and the same version of Spring security. On successful login, a user is redirected to one of the protected pages as follows.
public final class LoginSuccessHandler implements AuthenticationSuccessHandler
{
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException
{
Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
if (roles.contains("ROLE_ADMIN"))
{
response.sendRedirect("admin_side/Home.htm");
return;
}
}
}
我正在使用Hibernate.成功登录后,如何更新数据库中的登录日期时间(上次登录)?我在登录页面上有一个提交按钮,其POST请求似乎未映射到其相应的登录控制器中的方法.登录表单的操作实际上已映射到Servlet-j_spring_security_check.
I'm using Hibernate. How can I update the login date-time (Last Login) in the database on successful login? I have a submit button on the login page whose POST request doesn't seem to map to a method in its corresponding login controller. The login form's action is actually mapped to the Servlet - j_spring_security_check.
如果需要,整个spring-security.xml文件如下.
The entire spring-security.xml file is as follows, if it is required.
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http pattern="/Login.htm*" security="none"></http>
<http auto-config='true'>
<!--<remember-me key="myAppKey"/>-->
<session-management session-fixation-protection="newSession">
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>
<intercept-url pattern="/admin_side/**" access="ROLE_ADMIN" requires-channel="any"/>
<form-login login-page="/" default-target-url="/admin_side/Home.htm" authentication-failure-url="/LoginFailed.htm" authentication-success-handler-ref="loginSuccessHandler"/>
<logout logout-success-url="/Login.htm" invalidate-session="true" delete-cookies="JSESSIONID"/>
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select email_id, password, enabled from user_table where lower(email_id)=lower(?)"
authorities-by-username-query="select ut.email_id, ur.authority from user_table ut, user_roles ur where ut.user_id=ur.user_id and lower(ut.email_id)=lower(?)"/>
</authentication-provider>
</authentication-manager>
<beans:bean id="loginSuccessHandler" class="loginsuccesshandler.LoginSuccessHandler"/>
<global-method-security>
<protect-pointcut expression="execution(* dao.*.*(..))" access="ROLE_ADMIN"/>
</global-method-security>
<!--<global-method-security secured-annotations="enabled" />-->
</beans:beans>
推荐答案
An other way is to register an handler for the AuthenticationSuccessEvent.
@Service
public class UserService implements
ApplicationListener<AuthenticationSuccessEvent> {
@Override
public void onApplicationEvent(AuthenticationSuccessEvent event) {
String userName = ((UserDetails) event.getAuthentication().
getPrincipal()).getUsername();
User user = this.userDao.findByLogin(userName);
user.setLastLoginDate(new Date());
}
}
这篇关于使用Spring Security成功登录后如何正确更新登录日期时间?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
