我正在使用spring.security.version = 3.1.0.RELEASE。我遇到的問題是由於某種原因AuthenticationFailureCredentialsExpiredEvent未被解僱。Spring Security:AuthenticationFailureCredentialsExpiredEvent未被觸發
在調試代碼時,我發現AbstractUserDetailsAuthenticationProvider在控制檯中顯示「用戶帳戶憑據已過期」。但我仍然困惑於爲什麼這個事件不被觸發。
這裏是我的代碼:
class JpaUserDetails implements UserDetails {
...
...
@Override
public boolean isCredentialsNonExpired() {
if (some logic) {
return true;
}
else {
return false;
}
}
}
我確實看到AbstractUserDetailsAuthenticationProvider在控制檯中的「用戶帳戶的憑據已過期」顯示,從彈簧下面幾行代碼:
public abstract class AbstractUserDetailsAuthenticationProvider implements AuthenticationProvider, InitilizeBean, MessageSourceAware {
...
...
private class DefaultPostAuthenticationChecks implements UserDetailsChecker {
public void check(UserDetails user) {
if(!user.isCredentialsNonExpired()) {
logger.debug("User account credentials have expired");
throw new CredentialsExpiredException(message.getMessage(
"AbstractUserDetailsAuthenticationProvider.credentialsExpired",
"User credentials have expired"), user);
}
}
}
}
的問題是,當用戶證書過期時,我期待Spring生成AuthenticationFailureCredentialsExpiredEvent事件,我正在通過以下方式處理事件:
class SecurityEventDispatcher implements ApplicationListener<ApplicationEvent> {
final List<SecurityEventListener> listeners = new ArrayList<SecurityEventListener>();
public void registerListener(SecurityEventListener listener) {
this.listener.add(listener);
}
public void onApplicationEvent(ApplicationEvent event) {
for (SecurityEventListener listener : this.listeners) {
if(listener.canHandle(event)) {
listener.handle(event);
}
}
}
}
這是怎麼了處理登錄失敗事件:
public class LoginFailedEvent extends SecurityEventListener {
@Override
public boolean canHandle(Object event) {
if(event instanceof AbstractAuthenticationFailureEvent) {
return true;
}
else {
return false;
}
}
@Override
public void handle(Object event) {
if (event instanceof AuthenticationFailureBadCredentialsEvent) {
// do something
}
if (event instanceof AuthenticationFailureCredentialsExpiredEvent) {
// do something
}
}
}
正如我前面提到的問題是AuthenticationFailureCredentialsExpiredEvent永遠不會被解僱。我已經測試了可以正常工作的AuthenticationFailureBadCredentialsEvent。
這是我得到的事件不正確的憑據:(這是工作的罰款)
org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent
這是我在得到事件爲過期的密碼:
ServletRequestHandledEvent:URL = [/應用/ loginFailure]與failureCause = NULL
有沒有人有任何想法可能是錯的?任何幫助將不勝感激。
你可以分享'security-context.xml'文件 – 2015-09-09 22:13:22