Preface
Event listening
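- Spring Security provides a number of extension points. We can use event listeners to listen for certain events and act on them, for example to write log records or to limit the number of wrong password attempts.
- The package org.springframework.security.authentication.event defines all the event types published during authentication. AbstractAuthenticationEvent is the parent class of all of them, and every other event inherits from it. Its subclasses are:
  - AbstractAuthenticationFailureEvent
    - AuthenticationFailureBadCredentialsEvent // authentication failure event
    - AuthenticationFailureCredentialsExpiredEvent
    - AuthenticationFailureDisabledEvent
    - AuthenticationFailureExpiredEvent
    - AuthenticationFailureLockedEvent
    - AuthenticationFailureProviderNotFoundEvent
    - AuthenticationFailureProxyUntrustedEvent
    - AuthenticationFailureServiceExceptionEvent
  - AuthenticationSuccessEvent // authentication success event
  - InteractiveAuthenticationSuccessEvent // authentication success event for a login that succeeded through an automatic, interactive mechanism, such as cookie-based automatic login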
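Using the @EventListener annotation
- With this approach you only need to add the annotation to a method of your own. The method takes the event as its parameter and has no return value.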
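    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.context.event.EventListener;
    import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
    import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.stereotype.Component;

    @Component
    public class SpringSecurityListener {
        private final Logger log = LoggerFactory.getLogger(this.getClass());

        // Invoked after a successful authentication
        @EventListener
        public void successListener(AuthenticationSuccessEvent authenticationSuccessEvent) {
            Authentication authentication = authenticationSuccessEvent.getAuthentication();
        }

        // Invoked when authentication fails because of bad credentials
        @EventListener
        public void failListener(AuthenticationFailureBadCredentialsEvent authenticationFailureBadCredentialsEvent) {
            Authentication authentication = authenticationFailureBadCredentialsEvent.getAuthentication();
            AuthenticationException authenticationException = authenticationFailureBadCredentialsEvent.getException();
            log.info("login fail exception: {}", authenticationException.toString());
            // The principal of a failed login is the submitted user name, i.e. untrusted input
            String principal = authentication.getPrincipal().toString();
            log.info("login fail principal: {}", principal);
        }
    }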
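The introduction mentions limiting the number of wrong password attempts as one use of these events. The listener below is an added example, not code from the original article: the class name, the threshold of 5 failures, the 15-minute window and the `isBlocked` method are assumptions, and it requires Java 17 or later.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.stereotype.Component;

@Component
public class LoginAttemptListener {
    // Assumed policy values, not taken from the original article
    private static final int MAX_FAILURES = 5;
    private static final Duration WINDOW = Duration.ofMinutes(15);

    // Failure count plus the start of the current counting window
    private record Attempts(int count, Instant windowStart) {}
    // In-memory only: with several instances, use a shared store with a TTL
    private final Map<String, Attempts> failures = new ConcurrentHashMap<>();

    @EventListener
    public void onBadCredentials(AuthenticationFailureBadCredentialsEvent event) {
        String username = event.getAuthentication().getName();
        Instant now = Instant.now();
        // merge() is atomic per key, so concurrent failures are not lost
        failures.merge(username, new Attempts(1, now), (old, first) ->
                expired(old, now) ? first : new Attempts(old.count() + 1, old.windowStart()));
    }

    @EventListener
    public void onSuccess(AuthenticationSuccessEvent event) {
        // A successful login clears the counter for that account
        failures.remove(event.getAuthentication().getName());
    }

    // Call before authenticating, for example from a filter or a UserDetailsService
    public boolean isBlocked(String username) {
        Attempts a = failures.get(username);
        if (a == null) return false;
        if (expired(a, Instant.now())) {
            failures.remove(username, a); // drop the stale entry for this user
            return false;
        }
        return a.count() >= MAX_FAILURES;
    }

    private static boolean expired(Attempts a, Instant now) {
        return a.windowStart().plus(WINDOW).isBefore(now);
    }
}
```

The listener only counts; something in the authentication path still has to call `isBlocked` and reject the attempt. Entries for user names that are never checked again are not evicted here, so a production version needs a bounded or expiring store.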
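Implementing the ApplicationListener interface
- Implementing the generic ApplicationListener interface is the way of listening for events that was more common in Spring previously. When implementing ApplicationListener, pass the event to listen for as the interface's generic type parameter and override the onApplicationEvent method.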
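    import org.springframework.context.ApplicationListener;
    import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
    import org.springframework.stereotype.Component;

    @Component
    public class AuthenticationSuccessListener implements ApplicationListener<AuthenticationSuccessEvent> {
        @Override
        public void onApplicationEvent(AuthenticationSuccessEvent authenticationSuccessEvent) {
            // Handle the successful authentication here
        }
    }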