Spring security authentication-success-handler-ref and authentication-failure-handler-ref does not work with KerberosServiceAuthenticationProvider

I’m using SpringSecurity with KerberosServiceAuthenticationProvider which is Kerberos security extension. You can read how to use it on extension author’s blog.But you cannot use handler on form-login to catch authorization result. It’s because of inne…I’m using SpringSecurity with KerberosServiceAuthenticationProvider which is Kerberos security extension. You can read how to use it on extension author’s blog.But you cannot use handler on form-login to catch authorization result. It’s because of inne…

I’m using

SpringSecurity with KerberosServiceAuthenticationProvider which is Kerberos security extension. You can read how to use it on extension author’s blog. But you cannot use handler on form-login to catch authorization result. It’s because of inner construction of authorization filter chain calls. Maybe it can be considered a bug? The workaround is to implement ApplicationListener<AuthenticationSuccessEvent> and ApplicationListener<AbstractAuthenticationFailureEvent> to catch proper events.

package pl.touk.app.fe.server.security;

import org.springframework.context.ApplicationListener; import org.springframework.security.authentication.event.AuthenticationSuccessEvent; public class UserSuccessfulLoginLogger implements ApplicationListener{ @Override public void onApplicationEvent(AuthenticationSuccessEvent event) { //do something here } }

package pl.touk.app.fe.server.security;

import org.springframework.context.ApplicationListener; import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent; public class UserFailedLoginLogger implements ApplicationListener{ @Override public void onApplicationEvent(AbstractAuthenticationFailureEvent event) { //do something here } } Then you init beans in Spring configuration

A drawback is that one cannot have access to request and response as could have when using authentication-success-handler-ref and authentication-failure-handler-ref. But in my case I didn’t need that.

Tip! If you cannot receive AuthenticationEvents look at this page.

You May Also Like

Scrum w Polsce – TouK

Nasi koledzy z Fluidcircle opublikowali właśnie studium przypadku opisujące doświadczenia TouK z wykorzystania metodyki Scrum. Wszystko w ramach programu “Scrum…

ODEO new release

Recently, I released a new version 1.1.34 of ODEO (it's ODE tuned for Oracle and ServiceMix).You can check details (and downloads) here: http://top.touk.pl/confluence/display/top/ODEO.This version contains yet another set of fixes, which drive your BPE...Recently, I released a new version 1.1.34 of ODEO (it's ODE tuned for Oracle and ServiceMix).You can check details (and downloads) here: http://top.touk.pl/confluence/display/top/ODEO.This version contains yet another set of fixes, which drive your BPE...