I'm using Spring Security with KerberosServiceAuthenticationProvider, which is the Kerberos security extension. You can read how to use it on the extension author's blog.

But you cannot use a handler on form-login to catch the authorization result. This is because of the inner construction of the authorization filter chain calls. Maybe it can be considered a bug?

The workaround is to implement ApplicationListener<AuthenticationSuccessEvent> and ApplicationListener<AbstractAuthenticationFailureEvent> to catch the proper events.

    package pl.touk.app.fe.server.security;

    import org.springframework.context.ApplicationListener;
    import org.springframework.security.authentication.event.AuthenticationSuccessEvent;

    // The type parameter is required: it selects which events Spring delivers
    // to this listener and makes the @Override below compile.
    public class UserSuccessfulLoginLogger implements ApplicationListener<AuthenticationSuccessEvent> {
        @Override
        public void onApplicationEvent(AuthenticationSuccessEvent event) {
            // do something here
        }
    }

    package pl.touk.app.fe.server.security;

    import org.springframework.context.ApplicationListener;
    import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;

    // Listening on the abstract base type catches every kind of failure event.
    public class UserFailedLoginLogger implements ApplicationListener<AbstractAuthenticationFailureEvent> {
        @Override
        public void onApplicationEvent(AbstractAuthenticationFailureEvent event) {
            // do something here
        }
    }

Then you initialize the beans in the Spring configuration.

A drawback is that you do not have access to the request and response, as you would when using authentication-success-handler-ref and authentication-failure-handler-ref.
But in my case I didn't need that.
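
An added example, not code from the original post: a failure listener for audit logging that recovers the client address from the authentication's details object, which partly offsets the missing request access. It assumes the authenticating filter attached a WebAuthenticationDetails to the token; the class name AuditingFailedLoginLogger and the log format are hypothetical.

```java
import java.util.logging.Logger;

import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

/** Hypothetical audit listener: records who failed to log in, why, and from where. */
public class AuditingFailedLoginLogger
        implements ApplicationListener<AbstractAuthenticationFailureEvent> {

    private static final Logger LOG =
            Logger.getLogger(AuditingFailedLoginLogger.class.getName());

    @Override
    public void onApplicationEvent(AbstractAuthenticationFailureEvent event) {
        Authentication auth = event.getAuthentication();
        // The exception type distinguishes bad credentials, disabled accounts, etc.
        LOG.warning("login failed: user=" + clean(auth.getName())
                + " reason=" + event.getException().getClass().getSimpleName()
                + " remote=" + clean(remoteAddress(auth)));
    }

    /** The request is not available here, but the details object may carry its address. */
    static String remoteAddress(Authentication auth) {
        Object details = auth.getDetails();
        if (details instanceof WebAuthenticationDetails) {
            return ((WebAuthenticationDetails) details).getRemoteAddress();
        }
        return "unknown"; // assumption not met: no web details were attached
    }

    /** Replace control characters so client-supplied values cannot forge log lines. */
    static String clean(String value) {
        return value == null ? "" : value.replaceAll("\\p{Cntrl}", "_");
    }
}
```
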
Tip! If you cannot receive AuthenticationEvents, look at this page.