2020-03-11 16:48:14 -06:00
[[servlet-events]]
2021-07-30 13:52:15 -05:00
= Authentication Events
2020-03-11 16:48:14 -06:00
2021-04-21 16:01:26 -05:00
For each authentication that succeeds or fails, a `AuthenticationSuccessEvent` or `AuthenticationFailureEvent`, respectively, is fired.
2020-03-11 16:48:14 -06:00
To listen for these events, you must first publish an `AuthenticationEventPublisher`.
2021-04-21 16:01:26 -05:00
Spring Security's `DefaultAuthenticationEventPublisher` works fine for this purpose:
2020-03-11 16:48:14 -06:00
2020-09-28 17:19:38 +02:00
====
.Java
[source,java,role="primary"]
2020-03-11 16:48:14 -06:00
----
@Bean
public AuthenticationEventPublisher authenticationEventPublisher
(ApplicationEventPublisher applicationEventPublisher) {
return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
}
----
2020-09-28 17:19:38 +02:00
.Kotlin
[source,kotlin,role="secondary"]
----
@Bean
fun authenticationEventPublisher
(applicationEventPublisher: ApplicationEventPublisher?): AuthenticationEventPublisher {
return DefaultAuthenticationEventPublisher(applicationEventPublisher)
}
----
====
2021-04-21 16:01:26 -05:00
Then you can use Spring's `@EventListener` support:
2020-03-11 16:48:14 -06:00
2020-09-28 17:19:38 +02:00
====
.Java
[source,java,role="primary"]
2020-03-11 16:48:14 -06:00
----
@Component
public class AuthenticationEvents {
@EventListener
public void onSuccess(AuthenticationSuccessEvent success) {
// ...
}
@EventListener
2021-07-12 14:22:18 -04:00
public void onFailure(AbstractAuthenticationFailureEvent failures) {
2020-03-11 16:48:14 -06:00
// ...
}
}
----
2020-09-28 17:19:38 +02:00
.Kotlin
[source,kotlin,role="secondary"]
----
@Component
class AuthenticationEvents {
@EventListener
fun onSuccess(success: AuthenticationSuccessEvent?) {
// ...
}
@EventListener
fun onFailure(failures: AbstractAuthenticationFailureEvent?) {
// ...
}
}
----
====
2020-03-11 16:48:14 -06:00
While similar to `AuthenticationSuccessHandler` and `AuthenticationFailureHandler`, these are nice in that they can be used independently from the servlet API.
2021-07-30 13:52:15 -05:00
== Adding Exception Mappings
2020-03-11 16:48:14 -06:00
2021-04-21 16:01:26 -05:00
By default, `DefaultAuthenticationEventPublisher` publishes an `AuthenticationFailureEvent` for the following events:
2020-03-11 16:48:14 -06:00
|============
| Exception | Event
| `BadCredentialsException` | `AuthenticationFailureBadCredentialsEvent`
| `UsernameNotFoundException` | `AuthenticationFailureBadCredentialsEvent`
| `AccountExpiredException` | `AuthenticationFailureExpiredEvent`
| `ProviderNotFoundException` | `AuthenticationFailureProviderNotFoundEvent`
| `DisabledException` | `AuthenticationFailureDisabledEvent`
| `LockedException` | `AuthenticationFailureLockedEvent`
| `AuthenticationServiceException` | `AuthenticationFailureServiceExceptionEvent`
| `CredentialsExpiredException` | `AuthenticationFailureCredentialsExpiredEvent`
| `InvalidBearerTokenException` | `AuthenticationFailureBadCredentialsEvent`
|============
2021-04-21 16:01:26 -05:00
The publisher does an exact `Exception` match, which means that sub-classes of these exceptions do not also produce events.
2020-03-11 16:48:14 -06:00
2021-04-21 16:01:26 -05:00
To that end, you may want to supply additional mappings to the publisher through the `setAdditionalExceptionMappings` method:
2020-03-11 16:48:14 -06:00
2020-09-28 17:19:38 +02:00
====
.Java
[source,java,role="primary"]
2020-03-11 16:48:14 -06:00
----
@Bean
public AuthenticationEventPublisher authenticationEventPublisher
(ApplicationEventPublisher applicationEventPublisher) {
Map<Class<? extends AuthenticationException>,
2021-07-12 14:22:18 -04:00
Class<? extends AbstractAuthenticationFailureEvent>> mapping =
2020-03-11 16:48:14 -06:00
Collections.singletonMap(FooException.class, FooEvent.class);
AuthenticationEventPublisher authenticationEventPublisher =
new DefaultAuthenticationEventPublisher(applicationEventPublisher);
authenticationEventPublisher.setAdditionalExceptionMappings(mapping);
return authenticationEventPublisher;
}
----
2020-09-28 17:19:38 +02:00
.Kotlin
[source,kotlin,role="secondary"]
----
@Bean
fun authenticationEventPublisher
(applicationEventPublisher: ApplicationEventPublisher?): AuthenticationEventPublisher {
val mapping: Map<Class<out AuthenticationException>, Class<out AbstractAuthenticationFailureEvent>> =
mapOf(Pair(FooException::class.java, FooEvent::class.java))
val authenticationEventPublisher = DefaultAuthenticationEventPublisher(applicationEventPublisher)
authenticationEventPublisher.setAdditionalExceptionMappings(mapping)
return authenticationEventPublisher
}
----
====
2021-07-30 13:52:15 -05:00
== Default Event
2020-03-11 16:48:14 -06:00
2021-04-21 16:01:26 -05:00
You can also supply a catch-all event to fire in the case of any `AuthenticationException`:
2020-03-11 16:48:14 -06:00
2020-09-28 17:19:38 +02:00
====
.Java
[source,java,role="primary"]
2020-03-11 16:48:14 -06:00
----
@Bean
public AuthenticationEventPublisher authenticationEventPublisher
(ApplicationEventPublisher applicationEventPublisher) {
AuthenticationEventPublisher authenticationEventPublisher =
new DefaultAuthenticationEventPublisher(applicationEventPublisher);
authenticationEventPublisher.setDefaultAuthenticationFailureEvent
(GenericAuthenticationFailureEvent.class);
return authenticationEventPublisher;
}
----
2020-09-28 17:19:38 +02:00
.Kotlin
[source,kotlin,role="secondary"]
----
@Bean
fun authenticationEventPublisher
(applicationEventPublisher: ApplicationEventPublisher?): AuthenticationEventPublisher {
val authenticationEventPublisher = DefaultAuthenticationEventPublisher(applicationEventPublisher)
authenticationEventPublisher.setDefaultAuthenticationFailureEvent(GenericAuthenticationFailureEvent::class.java)
return authenticationEventPublisher
}
----
====
