Categorii

Spring Security authenification failure event


For security reasons you need limit failure login attempts in your application, simply you can do it using counter, that updates a count in the DB. Next I will show how to handle this event in Spring Security

1) First aproach is to use AuthentificationFailureHandler:

public class AuthentificationListener implements AuthenticationFailureHandler{

class:
    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
             HttpServletResponse response, AuthenticationException ae)
             throws IOException, ServletException {
            UsernamePasswordAuthenticationToken user =(UsernamePasswordAuthenticationToken)ae.getAuthentication();

         // user contains required data
          response.sendRedirect("login?error=true");
}

spring-confix.xml, need to specify authentication-failure-handler-ref bean:
    <security:http auto-config="false" use-expressions="true" access-denied-page="/denied">
        <security:intercept-url pattern="/admin/**"    access="hasRole('ROLE_ADMIN')" />
        <security:form-login  login-page="/login" authentication-failure-handler-ref="myAuthErrorHandler" default-target-url="/test/success"/>          
        <security:logout invalidate-session="true" logout-success-url="/login" logout-url="/logout" />
    </security:http>



2) Other aproach, is much more simple, you need to listen AuthenticationFailure Event:
@Component
public class UserAuthenticationErrorHandler implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> {
    @Override
    public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent event) {

        Object userName = event.getAuthentication().getPrincipal();
        Object credentials = event.getAuthentication().getCredentials();
        System.out.println("Failed login using USERNAME " + userName);
       System.out.println("Failed login using PASSWORD " + credentials);
    }
}
Sursa
2012-07-12 21:26:00



Comenteaza





Ultimele 25 posturi adăugate

11:19:00„Anul lui Eminescu – Opere jubiliare ale geniului poeziei române” —» Biblioteca Publică or.Rîşcani
06:39:00DIN REVISTA TINERILOR —» Leo Butnaru
22:00:42Micuțul David Antonescu are șansa unei copilării fericite —» Curaj.TV | Media alternativă
06:48:00ELȚÎN ȘI... LIRICA JAPONEZĂ —» Leo Butnaru
23:21:34Fără Titlu —» Путепроводные Заметки
18:17:20Fără Titlu —» Путепроводные Заметки
16:08:57Fără Titlu —» Путепроводные Заметки
15:09:56Teatrele din Republica Moldova la FNT —» Biblioteca de Arte 'Tudor Arghezi'
05:45:00ADRIAN ALUI GHEORGHE DESPRE JURNAL —» Leo Butnaru
20:05:54Fără Titlu —» Путепроводные Заметки
11:17:00DE LA REALISMUL SOCIALIST LA LITERATURA Z A FASCISMULUI —» Leo Butnaru
05:25:00DIN POEZIA LUMII —» Leo Butnaru
14:54:55Fără Titlu —» Путепроводные Заметки
14:54:55Fără Titlu —» Путепроводные Заметки
12:59:25Compozitorul Vladimir Slivinschi  —» CHIŞINĂU MUZICAL | Blogul Bibliotecii de Arte "Tudor Arghezi"
05:50:00DIN POEZIA LUMII —» Leo Butnaru
03:21:22Fără Titlu —» Путепроводные Заметки
03:08:15Fără Titlu —» Путепроводные Заметки
17:34:19Fără Titlu —» Путепроводные Заметки
15:38:20Fără Titlu —» Путепроводные Заметки
14:12:35Fără Titlu —» Путепроводные Заметки
10:29:19FESTIS, 2025 —» Biblioteca de Arte 'Tudor Arghezi'
08:20:00JURNALUL CA MEMORIE —» Leo Butnaru
03:29:34Fără Titlu —» Путепроводные Заметки
21:48:21Fără Titlu —» Путепроводные Заметки