最近整理了一下开发工作,在开发过程中,对用户的登录日志进行记录,是每个系统最基础的工作,faceye使用了acegi作为基础安全框架,也需要对用户登录日志进行记录,查阅了一下网上的资料,有提到使用Spring的ApplicationEvent来做的,主要是做一个ApplicationListener,判断event类型,如果是用户登录成功event,就做日志记录.
看了一下,不太喜欢,于是,打开acegi的源码来看了一下,顺便说一下,这里的源码指的是acegi2.0.
当前使用到的用户登录,主要有两种类型,一种输入用户名密码登录,另一种是根据cookie记录进行登录,所以,要针对这两个Filter进行修改.
通常,我们使用的登录验证器是这个:AuthenticationProcessingFilter
所做的配置为:
<bean id="authenticationProcessingFilter"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
....
</bean>
那么,在这里,就需要对这个类进行一下重载
在这个类中,要看其父类中的:AbstractProcessingFilter 的doFilterHttp方法
整体 方法如下:
01.
public
void
doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws
IOException,
02.
ServletException {
03.
if
(requiresAuthentication(request, response)) {
04.
if
(logger.isDebugEnabled()) {
05.
logger.debug(
"Request is to process authentication"
);
06.
}
07.
Authentication authResult;
08.
try
{
09.
onPreAuthentication(request, response);
10.
authResult = attemptAuthentication(request);
11.
}
12.
catch
(AuthenticationException failed) {
13.
// Authentication failed
14.
unsuccessfulAuthentication(request, response, failed);
15.
return
;
16.
}
17.
// Authentication success
18.
if
(continueChainBeforeSuccessfulAuthentication) {
19.
chain.doFilter(request, response);
20.
}
21.
successfulAuthentication(request, response, authResult);
22.
return
;
23.
}
24.
chain.doFilter(request, response);
25.
}
在这里,acegi已经给我们预留了登录成功后置事件接口,successfulAuthentication(...)
在这个方法里面,调用了一个空方法:
onSuccessfulAuthentication(request, response, authResult);
这个方法,在acegi的代码中,是一个懒汉型的,它只会在用户登录成功后被调用,如果用户登录失败,会相应的调用方法:
unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,AuthenticationException failed)
其中对应的后置方法为:
onUnsuccessfulAuthentication(request, response, failed);
这两个方法,都为懒汉型的,要对用户的登录动作(成功,失败)进行记录,只需要重载这两个方法即可.
所以,进行如下实现:
01.
/**
02.
*
03.
*
04.
* @author:haipeng
05.
* @Copy Right:www.faceye.com
06.
* @System:www.faceye.com
07.
* @Create 2009-7-20
08.
* @Package com.faceye.components.security.intercept
09.
* @Description:
10.
*/
11.
public
class
UserAuthenticationProcessingFilter
extends
AuthenticationProcessingFilter
12.
{
13.
private
IUserService userService =
null
;
14.
private
IUserLoginLogService userLoginLogService=
null
;
15.
public
IUserLoginLogService getUserLoginLogService()
16.
{
17.
return
userLoginLogService;
18.
}
19.
20.
public
void
setUserLoginLogService(IUserLoginLogService userLoginLogService)
21.
{
22.
this
.userLoginLogService = userLoginLogService;
23.
}
24.
public
IUserService getUserService()
25.
{
26.
return
userService;
27.
}
28.
29.
public
void
setUserService(IUserService userService)
30.
{
31.
this
.userService = userService;
32.
}
33.
34.
protected
void
onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult)
throws
IOException
35.
{
36.
if
(
null
!= authResult)
37.
{
38.
String username=
null
;
39.
Object obj=authResult.getPrincipal();
40.
if
(obj
instanceof
UserDetails) {
41.
username = ((UserDetails) obj).getUsername();
42.
}
else
{
43.
username = obj.toString();
44.
}
45.
WebAuthenticationDetails webDetails = (WebAuthenticationDetails) authResult.getDetails();
46.
String ip = webDetails.getRemoteAddress();
47.
if
(StringUtils.isNotEmpty(username))
48.
{
49.
User user = (User) ((UserDetailsService)
this
.getUserService()).loadUserByUsername(username);
50.
if
(
null
!= user)
51.
{
52.
UserLoginLog entity =
new
UserLoginLog();
53.
entity.setUser(user);
54.
entity.setIp(ip);
55.
this
.getUserLoginLogService().save(entity);
56.
}
57.
}
58.
}
59.
}
60.
}
以此来记录用户的登录日志,当然,还可以实现相应的:
onUnsuccessfulAuthentication(request, response, failed);
与上述代码类似.
同时,用户还可能通过RemeberMe功能进行自动登录,这时,就需要对另外一个进行重载,代码如下:
01.
/**
02.
*
03.
*
04.
* @author:haipeng
05.
* @Copy Right:www.faceye.com
06.
* @System:www.faceye.com
07.
* @Create 2009-7-20
08.
* @Package com.faceye.components.security.intercept
09.
* @Description:
10.
*/
11.
public
class
UserRememberMeProcessingFilter
extends
RememberMeProcessingFilter
12.
{
13.
private
IUserService userService =
null
;
14.
private
IUserLoginLogService userLoginLogService=
null
;
15.
public
IUserService getUserService()
16.
{
17.
return
userService;
18.
}
19.
public
void
setUserService(IUserService userService)
20.
{
21.
this
.userService = userService;
22.
}
23.
public
IUserLoginLogService getUserLoginLogService()
24.
{
25.
return
userLoginLogService;
26.
}
27.
public
void
setUserLoginLogService(IUserLoginLogService userLoginLogService)
28.
{
29.
this
.userLoginLogService = userLoginLogService;
30.
}
31.
protected
void
onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
32.
Authentication authResult) {
33.
34.
if
(
null
!= authResult)
35.
{
36.
String username=
null
;
37.
Object obj=authResult.getPrincipal();
38.
if
(obj
instanceof
UserDetails) {
39.
username = ((UserDetails) obj).getUsername();
40.
}
else
{
41.
username = obj.toString();
42.
}
43.
WebAuthenticationDetails webDetails = (WebAuthenticationDetails) authResult.getDetails();
44.
String ip = webDetails.getRemoteAddress();
45.
if
(StringUtils.isNotEmpty(username))
46.
{
47.
User user = (User) ((UserDetailsService)
this
.getUserService()).loadUserByUsername(username);
48.
if
(
null
!= user)
49.
{
50.
UserLoginLog entity =
new
UserLoginLog();
51.
entity.setUser(user);
52.
entity.setIp(ip);
53.
this
.getUserLoginLogService().save(entity);
54.
}
55.
}
56.
}
57.
}
58.
}
至此,便可以完整的记录用户的登录日志了.