对于每个成功或失败的身份验证,将分别触发一个 AuthenticationSuccessEvent 或 AbstractAuthenticationFailureEvent 。
要侦听这些事件,你必须首先发布一个 AuthenticationEventPublisher,Spring Security 的 DefaultAuthenticationEventPublisher 可能会做得很好:
@Bean
public AuthenticationEventPublisher authenticationEventPublisher
(ApplicationEventPublisher applicationEventPublisher) {
return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
}
然后,你可以使用 Spring 的@EventListener 支持:
@Component
public class AuthenticationEvents {
@EventListener
public void onSuccess(AuthenticationSuccessEvent success) {
// ...
}
@EventListener
public void onFailure(AbstractAuthenticationFailureEvent failures) {
// ...
}
}
虽然类似于 AuthenticationSuccessHandler 和 AuthenticationFailureHandler,但它们很好,因为它们可以独立于Servlet API使用。
添加异常映射(Adding Exception Mappings)
默认情况下,DefaultAuthenticationEventPublisher 将为以下事件发布一个 AbstractAuthenticationFailureEvent :
| Exception | Event |
|---|---|
| BadCredentialsException | AuthenticationFailureBadCredentialsEvent |
| UsernameNotFoundException | AuthenticationFailureBadCredentialsEvent |
| AccountExpiredException | AuthenticationFailureExpiredEvent |
| ProviderNotFoundException | AuthenticationFailureProviderNotFoundEvent |
| DisabledException | AuthenticationFailureDisabledEvent |
| LockedException | AuthenticationFailureLockedEvent |
| AuthenticationServiceException | AuthenticationFailureServiceExceptionEvent |
| CredentialsExpiredException | AuthenticationFailureCredentialsExpiredEvent |
| InvalidBearerTokenException | AuthenticationFailureBadCredentialsEvent |
| 发布者执行精确的异常匹配,这意味着这些异常的子类不会也生成事件。 | |
| 为此,您可能需要通过 setAdditionalExceptionMappings 方法向发布者提供额外的映射: |
@Bean
public AuthenticationEventPublisher authenticationEventPublisher (ApplicationEventPublisher applicationEventPublisher) {
Map<Class<? extends AuthenticationException>,
Class<? extends AbstractAuthenticationFailureEvent>> mapping =
Collections.singletonMap(FooException.class, FooEvent.class);
AuthenticationEventPublisher authenticationEventPublisher =
new DefaultAuthenticationEventPublisher(applicationEventPublisher);
authenticationEventPublisher.setAdditionalExceptionMappings(mapping);
return authenticationEventPublisher;
}
默认事件(Default Event)
您可以提供一个通用事件,以便在发生任何身份验证异常的情况下触发:
@Bean
public AuthenticationEventPublisher authenticationEventPublisher
(ApplicationEventPublisher applicationEventPublisher) {
AuthenticationEventPublisher authenticationEventPublisher =
new DefaultAuthenticationEventPublisher(applicationEventPublisher);
authenticationEventPublisher.setDefaultAuthenticationFailureEvent
(GenericAuthenticationFailureEvent.class);
return authenticationEventPublisher;
}
![自定义退出登录的处理,自定义退出登录逻辑[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)