認證事件
對於每次認證成功或失敗,都會分別觸發一個 AuthenticationSuccessEvent 或 AuthenticationFailureEvent。
要監聽這些事件,你必須首先發佈一個 AuthenticationEventPublisher。Spring Security 的 DefaultAuthenticationEventPublisher 適用於此目的
-
Java
-
Kotlin
@Bean
public AuthenticationEventPublisher authenticationEventPublisher
(ApplicationEventPublisher applicationEventPublisher) {
return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
}@Bean
fun authenticationEventPublisher
(applicationEventPublisher: ApplicationEventPublisher?): AuthenticationEventPublisher {
return DefaultAuthenticationEventPublisher(applicationEventPublisher)
}然後你可以使用 Spring 的 @EventListener 支援
-
Java
-
Kotlin
@Component
public class AuthenticationEvents {
@EventListener
public void onSuccess(AuthenticationSuccessEvent success) {
// ...
}
@EventListener
public void onFailure(AbstractAuthenticationFailureEvent failures) {
// ...
}
}@Component
class AuthenticationEvents {
@EventListener
fun onSuccess(success: AuthenticationSuccessEvent?) {
// ...
}
@EventListener
fun onFailure(failures: AbstractAuthenticationFailureEvent?) {
// ...
}
}雖然與 AuthenticationSuccessHandler 和 AuthenticationFailureHandler 類似,但這些事件的好處在於它們可以獨立於 Servlet API 使用。
新增異常對映
預設情況下,DefaultAuthenticationEventPublisher 會針對以下事件釋出 AuthenticationFailureEvent
異常 |
事件 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
釋出器進行精確的 Exception 匹配,這意味著這些異常的子類不會產生事件。
為此,你可能希望透過 setAdditionalExceptionMappings 方法為釋出器提供額外的對映
-
Java
-
Kotlin
@Bean
public AuthenticationEventPublisher authenticationEventPublisher
(ApplicationEventPublisher applicationEventPublisher) {
Map<Class<? extends AuthenticationException>,
Class<? extends AbstractAuthenticationFailureEvent>> mapping =
Collections.singletonMap(FooException.class, FooEvent.class);
DefaultAuthenticationEventPublisher authenticationEventPublisher =
new DefaultAuthenticationEventPublisher(applicationEventPublisher);
authenticationEventPublisher.setAdditionalExceptionMappings(mapping);
return authenticationEventPublisher;
}@Bean
fun authenticationEventPublisher
(applicationEventPublisher: ApplicationEventPublisher?): AuthenticationEventPublisher {
val mapping: Map<Class<out AuthenticationException>, Class<out AbstractAuthenticationFailureEvent>> =
mapOf(Pair(FooException::class.java, FooEvent::class.java))
val authenticationEventPublisher = DefaultAuthenticationEventPublisher(applicationEventPublisher)
authenticationEventPublisher.setAdditionalExceptionMappings(mapping)
return authenticationEventPublisher
}預設事件
你還可以提供一個捕獲所有 AuthenticationException 的事件
-
Java
-
Kotlin
@Bean
public AuthenticationEventPublisher authenticationEventPublisher
(ApplicationEventPublisher applicationEventPublisher) {
DefaultAuthenticationEventPublisher authenticationEventPublisher =
new DefaultAuthenticationEventPublisher(applicationEventPublisher);
authenticationEventPublisher.setDefaultAuthenticationFailureEvent
(AbstractAuthenticationFailureEvent.class);
return authenticationEventPublisher;
}@Bean
fun authenticationEventPublisher
(applicationEventPublisher: ApplicationEventPublisher?): AuthenticationEventPublisher {
val authenticationEventPublisher = DefaultAuthenticationEventPublisher(applicationEventPublisher)
authenticationEventPublisher.setDefaultAuthenticationFailureEvent(AbstractAuthenticationFailureEvent::class.java)
return authenticationEventPublisher
}
