2013-04-24 106 views
0

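Capture a successful login with AspectJ and Spring Security

I'm using Spring Security and AspectJ to log my application's behaviour. I need to capture a successful login and log it. My Spring Security configuration: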

<security:http auto-config="true" authentication-manager-ref="authenticationManager" use-expressions="true"> 
    <security:intercept-url pattern="/login" access="permitAll"/> 
    <security:intercept-url pattern="/loginFailed" access="permitAll"/> 
    <security:intercept-url pattern="/viewUserAccounts" access="hasRole('ROLE_ANTANI')" /> 
    <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> 
    <security:custom-filter ref="ajaxTimeoutRedirectFilter" after="EXCEPTION_TRANSLATION_FILTER"/> 
    <security:form-login 
    login-page="/login" 
    authentication-failure-url="/loginFailed" 
    login-processing-url="/loginAttempt" 
    password-parameter="password" 
    username-parameter="username" 
    /> 
</security:http> 

How do I define a suitable pointcut?

+1

Use **[AuthenticationSuccessHandler](http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/web/authentication/AuthenticationSuccessHandler.html)** instead. See the answer http://stackoverflow.com/a/6770785/227804 – lschin 2013-04-24 09:50:20

+0

Already done, but we wanted to try using AspectJ for the logging – matteosilv 2013-04-24 10:54:44

Answers

0

Here's a solution to grab the result of the AuthenticationManager;

the context part (a simplified version of what you have)

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:security="http://www.springframework.org/schema/security" 
    xmlns:aop="http://www.springframework.org/schema/aop" 
    xmlns:context="http://www.springframework.org/schema/context" 
    xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.2.xsd 
     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd 
     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd"> 

    <security:http auto-config="true"> 
     <security:intercept-url pattern="/**" access="ROLE_USER"/> 
    </security:http> 

    <security:authentication-manager> 
     <security:authentication-provider> 
      <security:user-service> 
       <security:user name="test" password="test" authorities="ROLE_USER"/> 
      </security:user-service> 
     </security:authentication-provider> 
    </security:authentication-manager> 

    <aop:aspectj-autoproxy proxy-target-class="true"/> 

    <bean class="de.incompleteco.spring.aspect.AuthenticationManagerAspect"/> 
</beans> 

and the pointcut

package de.incompleteco.spring.aspect; 

import org.aspectj.lang.JoinPoint; 
import org.aspectj.lang.annotation.AfterReturning; 
import org.aspectj.lang.annotation.Aspect; 
import org.springframework.security.core.Authentication; 

@Aspect 
public class AuthenticationManagerAspect { 

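    // Runs only when AuthenticationManager.authenticate(..) returns normally, i.e. on success;
    // a failed attempt throws AuthenticationException and skips this advice.
    @AfterReturning(pointcut="execution(* org.springframework.security.authentication.AuthenticationManager.authenticate(..))" 
      ,returning="result") 
    public void after(JoinPoint joinPoint,Object result) throws Throwable { 
     // authenticate(..) returns the populated Authentication token
     System.out.println(">>> user: " + ((Authentication) result).getName()); 
    } 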

} 

This will allow you to access the Authentication object after it comes back from the AuthenticationManager.

+0

This compiles fine, but unfortunately doesn't print anything. Thanks anyway – matteosilv 2013-04-24 09:49:52

+0

Finally got it working! Thanks. But it prints the message twice. So I used this instead: @After("execution(* org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler.onAuthenticationSuccess(..))") public void authenticate() { System.out.println("User " + SecurityContextHolder.getContext().getAuthentication().getName() + " successfully logged in."); } – matteosilv 2013-04-24 14:45:19
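
An added example (not code from the question, the answer or the comments): an audit aspect on the same success-handler join point the last comment settled on, which binds the Authentication argument directly instead of reading SecurityContextHolder and strips control characters from the user name before it reaches the log. The class name LoginAuditAspect, the logger name audit.login and the 64-character cap are assumptions; it targets the Spring Security 3.1 / javax.servlet setup shown on this page.

```java
package de.incompleteco.spring.aspect; // package name reused from the answer

import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.aspectj.lang.annotation.AfterReturning;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.security.core.Authentication;

// Hypothetical aspect name; register it as a bean next to <aop:aspectj-autoproxy/>.
@Aspect
public class LoginAuditAspect {

    private static final Logger AUDIT = Logger.getLogger("audit.login"); // assumed logger name
    private static final int MAX_NAME_LENGTH = 64; // assumed cap on the logged user name

    // Advises the success handler named in the last comment, which was chosen there
    // because the AuthenticationManager advice printed its message twice.
    @AfterReturning(
        pointcut = "execution(* org.springframework.security.web.authentication"
                 + ".SavedRequestAwareAuthenticationSuccessHandler.onAuthenticationSuccess(..))"
                 + " && args(request, response, authentication)",
        argNames = "request,response,authentication")
    public void loginSucceeded(HttpServletRequest request, HttpServletResponse response,
                               Authentication authentication) {
        // Record who logged in and from where; never credentials or the session id.
        AUDIT.info("login success user=" + sanitize(authentication.getName())
                + " remote=" + request.getRemoteAddr());
    }

    // User names can originate from user-chosen input: replace control characters so a
    // name containing CR/LF cannot forge extra audit lines, and bound its length.
    static String sanitize(String value) {
        if (value == null) {
            return "-";
        }
        String cleaned = value.replaceAll("\\p{Cntrl}", "_");
        return cleaned.length() > MAX_NAME_LENGTH
                ? cleaned.substring(0, MAX_NAME_LENGTH) : cleaned;
    }
}
```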