Authentication Events
对于每个身份验证成功或失败,都会分别触发 AuthenticationSuccessEvent
或 AuthenticationFailureEvent
。
要侦听这些事件,必须首先发布 AuthenticationEventPublisher
。Spring Security 的 DefaultAuthenticationEventPublisher
非常适合用作该用途:
-
Java
-
Kotlin
@Bean
public AuthenticationEventPublisher authenticationEventPublisher
(ApplicationEventPublisher applicationEventPublisher) {
return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
}
@Bean
fun authenticationEventPublisher
(applicationEventPublisher: ApplicationEventPublisher?): AuthenticationEventPublisher {
return DefaultAuthenticationEventPublisher(applicationEventPublisher)
}
然后可以使用 Spring 的 @EventListener
支持:
-
Java
-
Kotlin
@Component
public class AuthenticationEvents {
@EventListener
public void onSuccess(AuthenticationSuccessEvent success) {
// ...
}
@EventListener
public void onFailure(AbstractAuthenticationFailureEvent failures) {
// ...
}
}
@Component
class AuthenticationEvents {
@EventListener
fun onSuccess(success: AuthenticationSuccessEvent?) {
// ...
}
@EventListener
fun onFailure(failures: AbstractAuthenticationFailureEvent?) {
// ...
}
}
虽然类似于 AuthenticationSuccessHandler
和 AuthenticationFailureHandler
,但这些支持很不错,因为可以将它们独立于 servlet API 使用。
Adding Exception Mappings
默认情况下,DefaultAuthenticationEventPublisher
为以下事件发布 AuthenticationFailureEvent
:
Exception |
Event |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
发布者进行确切的 Exception
匹配,这意味着这些异常的子类也不会生成事件。
为此,可能希望通过 setAdditionalExceptionMappings
方法为发布者提供其他映射:
-
Java
-
Kotlin
@Bean
public AuthenticationEventPublisher authenticationEventPublisher
(ApplicationEventPublisher applicationEventPublisher) {
Map<Class<? extends AuthenticationException>,
Class<? extends AbstractAuthenticationFailureEvent>> mapping =
Collections.singletonMap(FooException.class, FooEvent.class);
AuthenticationEventPublisher authenticationEventPublisher =
new DefaultAuthenticationEventPublisher(applicationEventPublisher);
authenticationEventPublisher.setAdditionalExceptionMappings(mapping);
return authenticationEventPublisher;
}
@Bean
fun authenticationEventPublisher
(applicationEventPublisher: ApplicationEventPublisher?): AuthenticationEventPublisher {
val mapping: Map<Class<out AuthenticationException>, Class<out AbstractAuthenticationFailureEvent>> =
mapOf(Pair(FooException::class.java, FooEvent::class.java))
val authenticationEventPublisher = DefaultAuthenticationEventPublisher(applicationEventPublisher)
authenticationEventPublisher.setAdditionalExceptionMappings(mapping)
return authenticationEventPublisher
}
Default Event
还可以提供一个 catch-all 事件,以便在出现任何 AuthenticationException
时触发:
-
Java
-
Kotlin
@Bean
public AuthenticationEventPublisher authenticationEventPublisher
(ApplicationEventPublisher applicationEventPublisher) {
AuthenticationEventPublisher authenticationEventPublisher =
new DefaultAuthenticationEventPublisher(applicationEventPublisher);
authenticationEventPublisher.setDefaultAuthenticationFailureEvent
(GenericAuthenticationFailureEvent.class);
return authenticationEventPublisher;
}
@Bean
fun authenticationEventPublisher
(applicationEventPublisher: ApplicationEventPublisher?): AuthenticationEventPublisher {
val authenticationEventPublisher = DefaultAuthenticationEventPublisher(applicationEventPublisher)
authenticationEventPublisher.setDefaultAuthenticationFailureEvent(GenericAuthenticationFailureEvent::class.java)
return authenticationEventPublisher
}