search

mitreid-connect / OpenID-Connect-Java-Spring-Server

An OpenID Connect reference implementation in Java on the Spring platform.
Other
1.48k stars 765 forks source link

Is there a hook for onAuthenticationSuccess? #1430

Open iKrushYou opened 5 years ago

iKrushYou commented 5 years ago

I'm trying to implement an successhandler for my login but can't seem to get it working

public class AuthSuccessHandler implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {

        System.out.println("authorized");
    }

}
@Configuration
public class GatewaySecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public OIDCAuthenticationFilter authenticationFilter() throws Exception {
        OIDCAuthenticationFilter filter = new OIDCAuthenticationFilter();
        filter.setAuthenticationSuccessHandler(new AuthSuccessHandler());

        return filter;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterAfter(authenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class)
    }
}

I do apologize that this is a question and not an issue.. but I was hoping that posting directly to the repo I might get a better answer than on SO

elennick commented 5 years ago

We are able to listen for success events using the following:

@Component
public class AuthSuccessListener implements ApplicationListener<AuthenticationSuccessEvent> {
   ...
}
rhinmass commented 5 years ago

This worked for me:

@Component
public class MyAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    @Autowired
    AuthenticationSuccessHandler authenticationTimeStamper;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {

        //Do what needs to be done

       //pass to the next handler
      authenticationTimeStamper.onAuthenticationSuccess(request, response, authentication);
    }

In user-context.xml

    <security:http authentication-manager-ref="authenticationManager">
        <security:form-login login-page="/login" authentication-failure-url="/login?error=failure" 
            authentication-success-handler-ref="myAuthenticationHandler" />

    <bean id="myAuthenticationHandler"
          class="com.my.idp.MyAuthenticationSuccessHandler" />