I am trying to record current time of Login (in a method or object) once the login is successful and assign LastLogin time to current login time at logout. I am using spring security for login, logout. But I don't know how to take control to a method before it goes to the target-url.
spring-security.xml
<security:form-login login-page="/login" login-processing-url="/home/currentTime" authentication-failure-url="/login?error=true" default-target-url="/home"/>
<security:logout invalidate-session="true" logout-success-url="/home/copyLastloginToCurrentLoginTime" logout-url="/logout" />
Controller
@RequestMapping(value = "/currentTime", method = RequestMethod.GET)
public void recordCurrentLoginTime(Model model) {
// code to record current time
}
@RequestMapping(value = "/copyLastloginToCurrentLoginTime", method = RequestMethod.GET)
public void changeLastLoginTime(Model model) {
//code to copy current to last time
}
Problem
I get Error 404 for - project-title/j_spring_security_check URL and when I try to debug, it doesn't come into the controller methods at all.
Should I use some filters or something else for this purpose?
I found this and that and but that didn't help.
The most common ways to implement redirection logic after login are: using HTTP Referer header. saving the original request in the session. appending original URL to the redirected login URL.
According to Spring Security 4.0.0 document: 4.2.4 Logout Handling. The logout element adds support for logging out by navigating to a particular URL. The default logout URL is /logout, but you can set it to something else using the logout-url attribute.
Basic Configuration The basic configuration of Spring Logout functionality using the logout() method is simple enough: @Configuration @EnableWebSecurity public class SecSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(final HttpSecurity http) throws Exception { http //... .
Spring Security provides login and logout features that we can use in our application. It is helpful to create secure Spring application.
Write your own AuthenticationSuccessHandler
and LogoutSuccessHandler
.
Example:
spring-security.xml :
<security:form-login login-page="/login"
login-processing-url="/login_check"
authentication-failure-url="/login?error=true"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout
logout-url="/logout"
success-handler-ref="myLogoutSuccessHandler"
/>
AuthenticationSuccessHandler
@Component
public class MyAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
@Autowired
private UserService userService;
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
// changeLastLoginTime(username)
userService.changeLastLoginTime(authentication.getName());
setDefaultTargetUrl("/home");
super.onAuthenticationSuccess(request, response, authentication);
}
}
LogoutSuccessHandler
@Component
public class MyLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
if (authentication != null) {
// do something
}
setDefaultTargetUrl("/login");
super.onLogoutSuccess(request, response, authentication);
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With