{"id":875,"date":"2011-04-22T12:19:00","date_gmt":"2011-04-22T10:19:00","guid":{"rendered":""},"modified":"2022-08-02T13:05:52","modified_gmt":"2022-08-02T11:05:52","slug":"spring-security-authentication-success-handler-ref-and-authentication-failure-handler-ref-does-not-work-with-kerberosserviceauthenticationprovider","status":"publish","type":"post","link":"https:\/\/touk.pl\/blog\/2011\/04\/22\/spring-security-authentication-success-handler-ref-and-authentication-failure-handler-ref-does-not-work-with-kerberosserviceauthenticationprovider\/","title":{"rendered":"<!--:en-->Spring security authentication-success-handler-ref and authentication-failure-handler-ref does not work with KerberosServiceAuthenticationProvider<!--:-->"},"content":{"rendered":"<p><!--:en-->I&#8217;m using<\/p>\n<p><a href=\"http:\/\/static.springsource.org\/spring-security\/site\/\">SpringSecurity<\/a>\u00a0with\u00a0<a href=\"http:\/\/static.springsource.org\/spring-security\/site\/extensions\/krb\/docs\/1.0.x\/apidocs\/org\/springframework\/security\/extensions\/kerberos\/KerberosServiceAuthenticationProvider.html\">KerberosServiceAuthenticationProvider<\/a>\u00a0which is\u00a0<a href=\"http:\/\/web.mit.edu\/kerberos\/\">Kerberos<\/a>\u00a0<a href=\"http:\/\/static.springsource.org\/spring-security\/site\/extensions\/krb\/index.html\">security extension<\/a>. You can read how to use it on\u00a0<a href=\"http:\/\/blog.springsource.com\/2009\/09\/28\/spring-security-kerberos\/\">extension author&#8217;s blog<\/a>. But you cannot use handler on\u00a0<a href=\"http:\/\/static.springsource.org\/spring-security\/site\/docs\/3.0.x\/reference\/appendix-namespace.html#nsa-form-login\">form-login<\/a>\u00a0to catch authorization result. It&#8217;s because of inner construction of authorization filter chain calls. Maybe it can be considered a bug? The workaround is to implement\u00a0<a href=\"http:\/\/static.springsource.org\/spring\/docs\/3.0.x\/javadoc-api\/org\/springframework\/context\/ApplicationListener.html\">ApplicationListener<\/a>&lt;<a href=\"http:\/\/static.springsource.org\/spring-security\/site\/docs\/3.0.x\/apidocs\/org\/springframework\/security\/authentication\/event\/AuthenticationSuccessEvent.html\">AuthenticationSuccessEvent<\/a>&gt; and ApplicationListener&lt;<a href=\"http:\/\/static.springsource.org\/spring-security\/site\/docs\/3.0.x\/apidocs\/org\/springframework\/security\/authentication\/event\/AbstractAuthenticationFailureEvent.html\">AbstractAuthenticationFailureEvent<\/a>&gt; to catch proper events.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">package pl.touk.app.fe.server.security;<\/pre>\n<p>import org.springframework.context.ApplicationListener; import org.springframework.security.authentication.event.AuthenticationSuccessEvent; public class UserSuccessfulLoginLogger implements ApplicationListener{ @Override public void onApplicationEvent(AuthenticationSuccessEvent event) { \/\/do something here } }<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">package pl.touk.app.fe.server.security;<\/pre>\n<p>import org.springframework.context.ApplicationListener; import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent; public class UserFailedLoginLogger implements ApplicationListener{ @Override public void onApplicationEvent(AbstractAuthenticationFailureEvent event) { \/\/do something here } } Then you init beans in Spring configuration<\/p>\n<p>A drawback is that one cannot have access to request and response as could have when using authentication-success-handler-ref and authentication-failure-handler-ref. But in my case I didn&#8217;t need that.<\/p>\n<p><strong>Tip!\u00a0<\/strong>If you cannot receive AuthenticationEvents\u00a0<a href=\"https:\/\/jira.springsource.org\/browse\/SEC-1272\">look at this page<\/a>.<br \/>\n<!--:--><\/p>\n","protected":false},"excerpt":{"rendered":"I&#8217;m using SpringSecurity with KerberosServiceAuthenticationProvider which is Kerberos security extension. You can read how to use it on extension author&#8217;s blog.But you cannot use handler on form-login to catch authorization result. It&#8217;s because of inne&#8230;I&#8217;m using SpringSecurity with KerberosServiceAuthenticationProvider which is Kerberos security extension. You can read how to use it on extension author&#8217;s blog.But you cannot use handler on form-login to catch authorization result. It&#8217;s because of inne&#8230;\n","protected":false},"author":22,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[697,321,42],"class_list":{"0":"post-875","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-development-design","7":"tag-os","8":"tag-security","9":"tag-spring-framework"},"_links":{"self":[{"href":"https:\/\/touk.pl\/blog\/wp-json\/wp\/v2\/posts\/875","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/touk.pl\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/touk.pl\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/touk.pl\/blog\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/touk.pl\/blog\/wp-json\/wp\/v2\/comments?post=875"}],"version-history":[{"count":17,"href":"https:\/\/touk.pl\/blog\/wp-json\/wp\/v2\/posts\/875\/revisions"}],"predecessor-version":[{"id":14836,"href":"https:\/\/touk.pl\/blog\/wp-json\/wp\/v2\/posts\/875\/revisions\/14836"}],"wp:attachment":[{"href":"https:\/\/touk.pl\/blog\/wp-json\/wp\/v2\/media?parent=875"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/touk.pl\/blog\/wp-json\/wp\/v2\/categories?post=875"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/touk.pl\/blog\/wp-json\/wp\/v2\/tags?post=875"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}