身份驗證事件
對於每次成功或失敗的身份驗證,都會分別觸發 AuthenticationSuccessEvent 或 AuthenticationFailureEvent。
若要監聽這些事件,您必須先發布 AuthenticationEventPublisher。Spring Security 的 DefaultAuthenticationEventPublisher 適用於此目的
-
Java
-
Kotlin
@Bean
public AuthenticationEventPublisher authenticationEventPublisher
(ApplicationEventPublisher applicationEventPublisher) {
return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
}@Bean
fun authenticationEventPublisher
(applicationEventPublisher: ApplicationEventPublisher?): AuthenticationEventPublisher {
return DefaultAuthenticationEventPublisher(applicationEventPublisher)
}然後您可以使用 Spring 的 @EventListener 支援
-
Java
-
Kotlin
@Component
public class AuthenticationEvents {
@EventListener
public void onSuccess(AuthenticationSuccessEvent success) {
// ...
}
@EventListener
public void onFailure(AbstractAuthenticationFailureEvent failures) {
// ...
}
}@Component
class AuthenticationEvents {
@EventListener
fun onSuccess(success: AuthenticationSuccessEvent?) {
// ...
}
@EventListener
fun onFailure(failures: AbstractAuthenticationFailureEvent?) {
// ...
}
}雖然與 AuthenticationSuccessHandler 和 AuthenticationFailureHandler 相似,但這些方法的優點在於它們可以獨立於 Servlet API 使用。
新增例外對應
預設情況下,DefaultAuthenticationEventPublisher 會針對以下事件發布 AuthenticationFailureEvent
例外 |
事件 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
發布者執行精確的 Exception 比對,這表示這些例外的子類別也不會產生事件。
為此,您可能會希望透過 setAdditionalExceptionMappings 方法為發布者提供額外的對應
-
Java
-
Kotlin
@Bean
public AuthenticationEventPublisher authenticationEventPublisher
(ApplicationEventPublisher applicationEventPublisher) {
Map<Class<? extends AuthenticationException>,
Class<? extends AbstractAuthenticationFailureEvent>> mapping =
Collections.singletonMap(FooException.class, FooEvent.class);
AuthenticationEventPublisher authenticationEventPublisher =
new DefaultAuthenticationEventPublisher(applicationEventPublisher);
authenticationEventPublisher.setAdditionalExceptionMappings(mapping);
return authenticationEventPublisher;
}@Bean
fun authenticationEventPublisher
(applicationEventPublisher: ApplicationEventPublisher?): AuthenticationEventPublisher {
val mapping: Map<Class<out AuthenticationException>, Class<out AbstractAuthenticationFailureEvent>> =
mapOf(Pair(FooException::class.java, FooEvent::class.java))
val authenticationEventPublisher = DefaultAuthenticationEventPublisher(applicationEventPublisher)
authenticationEventPublisher.setAdditionalExceptionMappings(mapping)
return authenticationEventPublisher
}預設事件
您也可以提供一個捕捉所有事件,以便在發生任何 AuthenticationException 時觸發
-
Java
-
Kotlin
@Bean
public AuthenticationEventPublisher authenticationEventPublisher
(ApplicationEventPublisher applicationEventPublisher) {
AuthenticationEventPublisher authenticationEventPublisher =
new DefaultAuthenticationEventPublisher(applicationEventPublisher);
authenticationEventPublisher.setDefaultAuthenticationFailureEvent
(GenericAuthenticationFailureEvent.class);
return authenticationEventPublisher;
}@Bean
fun authenticationEventPublisher
(applicationEventPublisher: ApplicationEventPublisher?): AuthenticationEventPublisher {
val authenticationEventPublisher = DefaultAuthenticationEventPublisher(applicationEventPublisher)
authenticationEventPublisher.setDefaultAuthenticationFailureEvent(GenericAuthenticationFailureEvent::class.java)
return authenticationEventPublisher
}
