此版本仍在开发中,尚未被视为稳定版本。对于最新的稳定版本,请使用 Spring Security 6.3.3spring-doc.cn

此版本仍在开发中,尚未被视为稳定版本。对于最新的稳定版本,请使用 Spring Security 6.3.3spring-doc.cn

对于每个成功或失败的身份验证,将分别触发 a 或 。AuthenticationSuccessEventAuthenticationFailureEventspring-doc.cn

要侦听这些事件,您必须首先发布一个 . Spring Security 可以很好地实现此目的:AuthenticationEventPublisherDefaultAuthenticationEventPublisherspring-doc.cn

@Bean
public AuthenticationEventPublisher authenticationEventPublisher
        (ApplicationEventPublisher applicationEventPublisher) {
    return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
}
@Bean
fun authenticationEventPublisher
        (applicationEventPublisher: ApplicationEventPublisher?): AuthenticationEventPublisher {
    return DefaultAuthenticationEventPublisher(applicationEventPublisher)
}

然后你可以使用 Spring 的支持:@EventListenerspring-doc.cn

@Component
public class AuthenticationEvents {
	@EventListener
    public void onSuccess(AuthenticationSuccessEvent success) {
		// ...
    }

    @EventListener
    public void onFailure(AbstractAuthenticationFailureEvent failures) {
		// ...
    }
}
@Component
class AuthenticationEvents {
    @EventListener
    fun onSuccess(success: AuthenticationSuccessEvent?) {
        // ...
    }

    @EventListener
    fun onFailure(failures: AbstractAuthenticationFailureEvent?) {
        // ...
    }
}

虽然类似于 和 ,但它们很好,因为它们可以独立于 servlet API 使用。AuthenticationSuccessHandlerAuthenticationFailureHandlerspring-doc.cn

添加异常映射

默认情况下,为以下事件发布 :DefaultAuthenticationEventPublisherAuthenticationFailureEventspring-doc.cn

例外spring-doc.cn

事件spring-doc.cn

BadCredentialsExceptionspring-doc.cn

AuthenticationFailureBadCredentialsEventspring-doc.cn

UsernameNotFoundExceptionspring-doc.cn

AuthenticationFailureBadCredentialsEventspring-doc.cn

AccountExpiredExceptionspring-doc.cn

AuthenticationFailureExpiredEventspring-doc.cn

ProviderNotFoundExceptionspring-doc.cn

AuthenticationFailureProviderNotFoundEventspring-doc.cn

DisabledExceptionspring-doc.cn

AuthenticationFailureDisabledEventspring-doc.cn

LockedExceptionspring-doc.cn

AuthenticationFailureLockedEventspring-doc.cn

AuthenticationServiceExceptionspring-doc.cn

AuthenticationFailureServiceExceptionEventspring-doc.cn

CredentialsExpiredExceptionspring-doc.cn

AuthenticationFailureCredentialsExpiredEventspring-doc.cn

InvalidBearerTokenExceptionspring-doc.cn

AuthenticationFailureBadCredentialsEventspring-doc.cn

发布者执行完全匹配,这意味着这些异常的子类不会同时生成事件。Exceptionspring-doc.cn

为此,您可能希望通过以下方法向发布者提供额外的映射:setAdditionalExceptionMappingsspring-doc.cn

@Bean
public AuthenticationEventPublisher authenticationEventPublisher
        (ApplicationEventPublisher applicationEventPublisher) {
    Map<Class<? extends AuthenticationException>,
        Class<? extends AbstractAuthenticationFailureEvent>> mapping =
            Collections.singletonMap(FooException.class, FooEvent.class);
    DefaultAuthenticationEventPublisher authenticationEventPublisher =
        new DefaultAuthenticationEventPublisher(applicationEventPublisher);
    authenticationEventPublisher.setAdditionalExceptionMappings(mapping);
    return authenticationEventPublisher;
}
@Bean
fun authenticationEventPublisher
        (applicationEventPublisher: ApplicationEventPublisher?): AuthenticationEventPublisher {
    val mapping: Map<Class<out AuthenticationException>, Class<out AbstractAuthenticationFailureEvent>> =
            mapOf(Pair(FooException::class.java, FooEvent::class.java))
    val authenticationEventPublisher = DefaultAuthenticationEventPublisher(applicationEventPublisher)
    authenticationEventPublisher.setAdditionalExceptionMappings(mapping)
    return authenticationEventPublisher
}

例外spring-doc.cn

事件spring-doc.cn

BadCredentialsExceptionspring-doc.cn

AuthenticationFailureBadCredentialsEventspring-doc.cn

UsernameNotFoundExceptionspring-doc.cn

AuthenticationFailureBadCredentialsEventspring-doc.cn

AccountExpiredExceptionspring-doc.cn

AuthenticationFailureExpiredEventspring-doc.cn

ProviderNotFoundExceptionspring-doc.cn

AuthenticationFailureProviderNotFoundEventspring-doc.cn

DisabledExceptionspring-doc.cn

AuthenticationFailureDisabledEventspring-doc.cn

LockedExceptionspring-doc.cn

AuthenticationFailureLockedEventspring-doc.cn

AuthenticationServiceExceptionspring-doc.cn

AuthenticationFailureServiceExceptionEventspring-doc.cn

CredentialsExpiredExceptionspring-doc.cn

AuthenticationFailureCredentialsExpiredEventspring-doc.cn

InvalidBearerTokenExceptionspring-doc.cn

AuthenticationFailureBadCredentialsEventspring-doc.cn

默认事件

您还可以提供一个 catch-all 事件,以便在 any 的情况下触发:AuthenticationExceptionspring-doc.cn

@Bean
public AuthenticationEventPublisher authenticationEventPublisher
        (ApplicationEventPublisher applicationEventPublisher) {
    DefaultAuthenticationEventPublisher authenticationEventPublisher =
        new DefaultAuthenticationEventPublisher(applicationEventPublisher);
    authenticationEventPublisher.setDefaultAuthenticationFailureEvent
        (AbstractAuthenticationFailureEvent.class);
    return authenticationEventPublisher;
}
@Bean
fun authenticationEventPublisher
        (applicationEventPublisher: ApplicationEventPublisher?): AuthenticationEventPublisher {
    val authenticationEventPublisher = DefaultAuthenticationEventPublisher(applicationEventPublisher)
    authenticationEventPublisher.setDefaultAuthenticationFailureEvent(AbstractAuthenticationFailureEvent::class.java)
    return authenticationEventPublisher
}