
Remember-me processing

I need to have access to the currently logged-in user from various points in my application.  I'm currently storing this information in the session for MVC components and in a ThreadLocal for the service and dao layers.

For a normal login, I'm using an AuthenticationEventListener to store the current user upon successful login.  I expected the same code to be triggered if I logged in automatically using acegi's remember-me features.  However, I find that this is not the case.  In the AuthenticationEventListener, a manual login is caught through an AuthenticationSuccessEvent.  But when I log in automatically, the listener is catching a ContextRefreshedEvent.

Is this the expected behavior?  If not, why not?  If the ContextRefreshedEvent is what is supposed to be happening, how can I get the current user?

If you look at the code for the remember me filter, an InteractiveAuthenticationSuccessEvent is published on successful authentication.  Can't you just use that?
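
The listener suggested in the reply above, as an added example that is not code from the thread: it handles both success events, extracts the user from the event, and records whether the login came from a remember-me token. Package names assume Acegi Security 1.0.x; `CurrentUserListener` and its static holder are hypothetical names.

```java
// Added example, not from the thread. Assumes Acegi Security 1.0.x packages.
import org.acegisecurity.Authentication;
import org.acegisecurity.event.authentication.AbstractAuthenticationEvent;
import org.acegisecurity.event.authentication.AuthenticationSuccessEvent;
import org.acegisecurity.event.authentication.InteractiveAuthenticationSuccessEvent;
import org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken;
import org.acegisecurity.userdetails.UserDetails;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;

public class CurrentUserListener implements ApplicationListener {

    // Hypothetical per-thread holder read by the service and DAO layers.
    private static final ThreadLocal CURRENT_USER = new ThreadLocal();
    private static final ThreadLocal REMEMBER_ME = new ThreadLocal();

    public void onApplicationEvent(ApplicationEvent event) {
        // Provider-level success and filter-level (form or remember-me) success.
        if (!(event instanceof AuthenticationSuccessEvent)
                && !(event instanceof InteractiveAuthenticationSuccessEvent)) {
            return; // failures, RequestHandledEvent, ContextRefreshedEvent, ...
        }
        Authentication auth = ((AbstractAuthenticationEvent) event).getAuthentication();
        // Spring's default multicaster calls listeners on the publishing
        // thread, so these values are set on the request thread.
        CURRENT_USER.set(usernameOf(auth));
        REMEMBER_ME.set(Boolean.valueOf(auth instanceof RememberMeAuthenticationToken));
    }

    // The principal is a UserDetails for DAO-backed logins, otherwise any Object.
    static String usernameOf(Authentication auth) {
        Object principal = auth.getPrincipal();
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        }
        return String.valueOf(principal);
    }

    public static String currentUser() { return (String) CURRENT_USER.get(); }

    // True when the session was established from a remember-me token
    // rather than freshly entered credentials.
    public static boolean isRememberMe() { return Boolean.TRUE.equals(REMEMBER_ME.get()); }

    // Call at the end of each request: container threads are pooled, so a
    // stale value would otherwise be visible to the next request on the thread.
    public static void clear() { CURRENT_USER.set(null); REMEMBER_ME.set(null); }
}
```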

I see the code you're talking about in RememberMeProcessingFilter, but my AuthenticationEventListener is not seeing the InteractiveAuthenticationSuccessEvent.  Neither is it seeing an AuthenticationSuccessEvent when I log in manually.  It is, however, seeing a ContextRefreshedEvent after the remember-me login, as well as numerous RequestHandledEvents.

According to the Spring documentation, all I need to do is declare my AuthenticationEventListener as a bean for it to pick up these events.  Is there something more I need to do?

How about this.  The magic is that it implements ApplicationListener.
Code:
// Imports assume Acegi Security 1.0.x package names and log4j.
import org.acegisecurity.event.authentication.AuthenticationFailureBadCredentialsEvent;
import org.acegisecurity.event.authentication.AuthenticationSuccessEvent;
import org.acegisecurity.event.authorization.AuthorizationFailureEvent;
import org.acegisecurity.event.authorization.AuthorizedEvent;
import org.apache.log4j.Logger;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;

public class ApplicationSecurityListener implements ApplicationListener
{
    private static final Logger logger = Logger.getLogger ( ApplicationSecurityListener.class );

    // Logs each security event by type; anything else is logged as "undefined".
    public void onApplicationEvent ( ApplicationEvent event )
    {
        if ( event instanceof AuthorizedEvent )
        {
            AuthorizedEvent authorizedEvent = ( AuthorizedEvent ) event;
            logger.debug ( "authorized:" + authorizedEvent );
        }
        else if ( event instanceof AuthorizationFailureEvent )
        {
            AuthorizationFailureEvent authorizationFailureEvent = ( AuthorizationFailureEvent ) event;
            logger.debug ( "not authorized:" + authorizationFailureEvent );
        }
        else if ( event instanceof AuthenticationFailureBadCredentialsEvent )
        {
            AuthenticationFailureBadCredentialsEvent badCredentialsEvent = ( AuthenticationFailureBadCredentialsEvent ) event;
            logger.debug ( "badCredentials:" + badCredentialsEvent );
        }
        else if ( event instanceof AuthenticationSuccessEvent )
        {
            AuthenticationSuccessEvent authenticationSuccessEvent = ( AuthenticationSuccessEvent ) event;
            logger.debug ( "authSuccess:" + authenticationSuccessEvent );
        }
        else
        {
            logger.debug ( "undefined: " + event );
        }
    }
}

That's essentially what I have.  It's catching other events, but not the authentication related ones.

I am able to catch onSuccessfulAuthentication() in my subclass of AuthenticationProcessingFilter when logging in manually, but this method is not triggered when I log in with remember-me.

What would cause the AuthenticationProcessingFilter not to be triggered by remember-me?


Originally Posted by kcflyer:
That's essentially what I have.  It's catching other events, but not the authentication related ones.

I am able to catch onSuccessfulAuthentication() in my subclass of AuthenticationProcessingFilter when logging in manually, but this method is not triggered when I log in with remember-me.

What would cause the AuthenticationProcessingFilter not to be triggered by remember-me?

It uses a different filter, RememberMeProcessingFilter.  I don't understand why, if you are running that class I sent and have defined the bean, you aren't seeing the events.  It's working on my machine no problem.

Perhaps this is a configuration issue.  I copied your class into my application and added this to my spring configuration file:
Code:
<bean id="applicationSecurityListener"
      class="com.silversky.scheduler.mvc.ApplicationSecurityListener"></bean>

When I logged in with remember-me, the only event captured was a RequestHandledEvent, which I believe was generated by displaying the home page.  This is the same behavior as exhibited by my own listener.  So the listener is working, but it's not listening to all the events.  Is there more configuration that needs to take place?

When I log in normally, your listener captures these events:

undefined: org..context.event.ContextRefreshedEvent
undefined: RequestHandledEvent (home.htm)
undefined: RequestHandledEvent (login.htm)
undefined: RequestHandledEvent (home.htm)

I really don't understand where this is going wrong.  I even took the acegi sample and just pasted the listener bean in, and it works fine.  Did you simply copy and paste my class in?
Code:
<bean class="com.architecture.demo.business.ApplicationSecurityListener"/>

Yes, I copied the class straight in.  All I did was add the necessary imports so it would compile.  The odd thing is that it works for other events.  I'll keep digging for the cause...