使用AspectJ和Spring Security捕获成功的登录 [英] Capture successful login with AspectJ and Spring Security
本文介绍了使用AspectJ和Spring Security捕获成功的登录的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在使用Spring Security和AspectJ记录应用程序的行为.我需要捕获成功的登录并将其记录.我的春季安全配置:
i'm using spring security and AspectJ to log application's behavior. I need to capture a successful login and log it. My spring security configuration:
<security:http auto-config="true" authentication-manager-ref="authenticationManager" use-expressions="true">
<security:intercept-url pattern="/login" access="permitAll"/>
<security:intercept-url pattern="/loginFailed" access="permitAll"/>
<security:intercept-url pattern="/viewUserAccounts" access="hasRole('ROLE_ANTANI')" />
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<security:custom-filter ref="ajaxTimeoutRedirectFilter" after="EXCEPTION_TRANSLATION_FILTER"/>
<security:form-login
login-page="/login"
authentication-failure-url="/loginFailed"
login-processing-url="/loginAttempt"
password-parameter="password"
username-parameter="username"
/>
</security:http>
如何定义正确的切入点?
How can i define the right pointcut?
推荐答案
这是从AuthenticationManager获取结果的解决方案;
here's a solution to grab the results form the AuthenticationManager;
上下文部分(所拥有内容的简化版本)
the context part (simplified version of what you have)
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
<security:http auto-config="true">
<security:intercept-url pattern="/**" access="ROLE_USER"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="test" password="test" authorities="ROLE_USER"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<aop:aspectj-autoproxy proxy-target-class="true"/>
<bean class="de.incompleteco.spring.aspect.UsernamePasswordAuthenticationFilterAspect"/>
</beans>
和切入点
package de.incompleteco.spring.aspect;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.AfterReturning;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.security.core.Authentication;
@Aspect
public class AuthenticationManagerAspect {
@AfterReturning(pointcut="execution(* org.springframework.security.authentication.AuthenticationManager.authenticate(..))"
,returning="result")
public void after(JoinPoint joinPoint,Object result) throws Throwable {
System.out.println(">>> user: " + ((Authentication) result).getName());
}
}
这将允许您从AuthenticationManager返回认证对象之后对其进行访问.
this will allow you to access the authentication object after it's come back from the AuthenticationManager.
这篇关于使用AspectJ和Spring Security捕获成功的登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文