2013-04-24 32 views
0

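Capturing a successful login with AspectJ and Spring Security

I am using Spring Security and AspectJ to log the application's behaviour. I need to capture a successful login and log it. My Spring Security configuration: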

<security:http auto-config="true" authentication-manager-ref="authenticationManager" use-expressions="true"> 
    <security:intercept-url pattern="/login" access="permitAll"/> 
    <security:intercept-url pattern="/loginFailed" access="permitAll"/> 
    <security:intercept-url pattern="/viewUserAccounts" access="hasRole('ROLE_ANTANI')" /> 
    <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> 
    <security:custom-filter ref="ajaxTimeoutRedirectFilter" after="EXCEPTION_TRANSLATION_FILTER"/> 
    <security:form-login 
    login-page="/login" 
    authentication-failure-url="/loginFailed" 
    login-processing-url="/loginAttempt" 
    password-parameter="password" 
    username-parameter="username" 
    /> 
</security:http> 

How do I define a suitable pointcut?

+1

Use **[AuthenticationSuccessHandler](http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/web/authentication/AuthenticationSuccessHandler.html)** instead. See the answer http://stackoverflow.com/a/6770785/227804 – lschin 2013-04-24 09:50:20

+0

Already done that, but we wanted to try using AspectJ to log this – matteosilv 2013-04-24 10:54:44

Answer

0

Here is a solution to grab the result of the AuthenticationManager;

The context part (a simplified version of what you have)

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:security="http://www.springframework.org/schema/security" 
    xmlns:aop="http://www.springframework.org/schema/aop" 
    xmlns:context="http://www.springframework.org/schema/context" 
    xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.2.xsd 
     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd 
     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd"> 

    <security:http auto-config="true"> 
     <security:intercept-url pattern="/**" access="ROLE_USER"/> 
    </security:http> 

    <security:authentication-manager> 
     <security:authentication-provider> 
      <security:user-service> 
       <security:user name="test" password="test" authorities="ROLE_USER"/> 
      </security:user-service> 
     </security:authentication-provider> 
    </security:authentication-manager> 

    <aop:aspectj-autoproxy proxy-target-class="true"/> 

    <!-- register the aspect class shown below as a bean so that aspectj-autoproxy picks it up -->
    <bean class="de.incompleteco.spring.aspect.AuthenticationManagerAspect"/> 
</beans> 

And the pointcut

package de.incompleteco.spring.aspect; 

import org.aspectj.lang.JoinPoint; 
import org.aspectj.lang.annotation.AfterReturning; 
import org.aspectj.lang.annotation.Aspect; 
import org.springframework.security.core.Authentication; 

@Aspect 
public class AuthenticationManagerAspect { 

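    // Runs only when AuthenticationManager.authenticate(..) returns normally, i.e. the login succeeded;
    // "result" is bound to the returned Authentication object.
    @AfterReturning(pointcut="execution(* org.springframework.security.authentication.AuthenticationManager.authenticate(..))" 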
      ,returning="result") 
    public void after(JoinPoint joinPoint,Object result) throws Throwable { 
     System.out.println(">>> user: " + ((Authentication) result).getName()); 
    } 

} 

This will allow you to access the Authentication object after it comes back from the AuthenticationManager.

+0

This compiles fine, but unfortunately it doesn't print anything. Thanks anyway – matteosilv 2013-04-24 09:49:52

+0

Finally got it working! Thanks. But it prints the message twice. So I replaced it with: @After("execution(* org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler.onAuthenticationSuccess(..))") public void authenticated() { System.out.println("User " + SecurityContextHolder.getContext().getAuthentication().getName() + " successfully logged in."); } – matteosilv 2013-04-24 14:45:19
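An added example, not code from the question, the answer or the comments: the same `AuthenticationManager.authenticate(..)` pointcut written as an audit aspect that records both successful and failed attempts, never touches the credentials, and strips control characters from the user-supplied name before it reaches the log. The package, class, logger and helper names are assumptions; it is registered as a bean in the same way as the answer's aspect.

```java
package example.audit; // hypothetical package name

import java.util.logging.Logger;

import org.aspectj.lang.annotation.AfterReturning;
import org.aspectj.lang.annotation.AfterThrowing;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

@Aspect
public class LoginAuditAspect { // hypothetical class name

    private static final Logger LOG = Logger.getLogger("security.audit"); // assumed logger name

    // Same join point as the answer's aspect.
    private static final String AUTHENTICATE =
        "execution(* org.springframework.security.authentication.AuthenticationManager.authenticate(..))";

    // Success: authenticate(..) returned a populated Authentication object.
    @AfterReturning(pointcut = AUTHENTICATE, returning = "result")
    public void success(Authentication result) {
        if (result.isAuthenticated()) {
            LOG.info("login success user=" + clean(result.getName()));
        }
    }

    // Failure: authenticate(..) threw; args(attempt) binds the submitted token
    // so the attempted user name can be recorded. getCredentials() is never read.
    @AfterThrowing(pointcut = AUTHENTICATE + " && args(attempt)",
                   throwing = "ex", argNames = "attempt,ex")
    public void failure(Authentication attempt, AuthenticationException ex) {
        LOG.warning("login failure user=" + clean(attempt.getName())
            + " reason=" + ex.getClass().getSimpleName());
    }

    // The user name comes from the login form: replace control characters
    // (CR, LF, ...) so it cannot forge extra log lines, and cap its length.
    static String clean(String name) {
        if (name == null) {
            return "<none>";
        }
        String s = name.replaceAll("\\p{Cntrl}", "_");
        return s.length() > 64 ? s.substring(0, 64) : s;
    }
}
```

The last comment above reports the message printing twice with this pointcut, so expect duplicate entries per login unless the advice is moved to the success handler as that comment does.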
