1
1
.
.
3
3
.
.
9
9
E
E
v
v
e
e
n
n
t
t
s
s
-
-
L
L
o
o
g
g
t
t
o
o
C
C
o
o
n
n
s
s
o
o
l
l
e
e
I
I
n
n
f
f
o
o
[
[
G
G
]
]
This tutorial shows how to Publish and Listen for Authentication Events (Success and Failure).
These Events are triggered after User enters Username and Password (valid or invalid).
Application Schema [Results]
Spring Boot Starters
GROUP
DEPENDENCY
DESCRIPTION
Web
Spring Web
Enables @RequestMapping and Tomcat Server
Security
Spring Security
Enables Spring Security
MyController
http://localhost:8080/Hello
hello()
Authentication
Listener
Browser
Tomcat
P
P
r
r
o
o
c
c
e
e
d
d
u
u
r
r
e
e
Create Project: springboot_security_events (add Spring Boot Starters from the table)
Edit File: application.properties (add Role, User, Password)
Create Package: config (inside main package)
Create Class: AuthenticationPublisher.java (inside config package)
Create Class: AuthenticationListener.java (inside config package)
Create Package: controllers (inside main package)
Create Class: MyController.java (inside controllers package)
application.properties
# SECURITY
spring.security.user.name = myuser
spring.security.user.password = mypassword
spring.security.user.roles = USER
MyController.java
package com.ivoronline.springbott_security_events.controllers;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
public class MyController {
@ResponseBody
@RequestMapping("/Hello")
public String hello() {
return "Hello from Controller";
}
}
AuthenticationPublisher.java
package com.ivoronline.springbott_security_events.config;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
@Configuration
public class AuthenticationPublisher {
@Bean
public AuthenticationEventPublisher publish(ApplicationEventPublisher applicationEventPublisher){
return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
}
}
AuthenticationListener.java
package com.ivoronline.springbott_security_events.config;
import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.stereotype.Component;
@Component
public class AuthenticationListener {
//======================================================================================
// METHOD: LISTEN TO SUCCESS
//======================================================================================
@EventListener
public void listenToSuccess(AuthenticationSuccessEvent event){
//GET USERNAME
UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) event.getSource();
User user = (User) token.getPrincipal();
String username = user.getUsername();
//GET IP
WebAuthenticationDetails details = (WebAuthenticationDetails) token.getDetails();
String IP = details.getRemoteAddress();
//LOG DATA
System.out.println("Successful Login by Username/IP: " + username + "/" + IP);
}
//======================================================================================
// METHOD: LISTEN TO FAILURE
//======================================================================================
@EventListener
public void listenToFailure(AuthenticationFailureBadCredentialsEvent event){
//GET USERNAME
UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) event.getSource();
String username = (String) token.getPrincipal();
//GET IP
WebAuthenticationDetails details = (WebAuthenticationDetails) token.getDetails();
String IP = details.getRemoteAddress();
//LOG DATA
System.out.println("Unsuccessful Login by Username/IP: " + username + "/" + IP);
}
}
R
R
e
e
s
s
u
u
l
l
t
t
s
s
http://localhost:8080/Hello
You get redirected to http://localhost:8080/login
Username: myuser
Password: mypassword
Sign in
You get redirected back to http://localhost:8080/Hello
http://localhost:8080/login
Redirects to http://localhost:8080/Hello
Application Structure
pom.xml
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>