
  • AuthenticationFailureCredentialsExpiredEvent not fired

    I am using spring.security.version = 3.1.0.RELEASE. The problem I am having is that for some reason AuthenticationFailureCredentialsExpiredEvent is not fired.

    While debugging the code I found that AbstractUserDetailsAuthenticationProvider does display in the console that "User account credentials have expired". But I am still baffled as to why the event in question is not triggered.

    Here is my code:

    Code:
    class JpaUserDetails implements UserDetails {
    ...
    ...
       @Override
       public boolean isCredentialsNonExpired() {
           if (some logic) {
               return true;
           }
           else {
               return false;
           }
       }
    }
    I do see AbstractUserDetailsAuthenticationProvider displaying in the console "User account credentials have expired" from the following lines of spring code:
    Code:
    public abstract class AbstractUserDetailsAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
    ...
    ...
        private class DefaultPostAuthenticationChecks implements UserDetailsChecker {
            public void check(UserDetails user) {
                if(!user.isCredentialsNonExpired()) {
                    logger.debug("User account credentials have expired");
                throw new CredentialsExpiredException(messages.getMessage(
                              "AbstractUserDetailsAuthenticationProvider.credentialsExpired",
                              "User credentials have expired"), user);
                }
            }
        }
    }
    The issue is that when the user credentials have expired, I am expecting Spring to generate the event AuthenticationFailureCredentialsExpiredEvent, which I am handling in the following way:
    Code:
    class SecurityEventDispatcher implements ApplicationListener<ApplicationEvent> {
        final List<SecurityEventListener> listeners = new ArrayList<SecurityEventListener>();
    
        public void registerListener(SecurityEventListener listener) {
            this.listeners.add(listener);
        }
    
        public void onApplicationEvent(ApplicationEvent event) {
            for (SecurityEventListener listener : this.listeners) {
                if(listener.canHandle(event)) {
                    listener.handle(event);
                }
            }
        }
    }
    This is how I am handling the login failure event:
    Code:
    public class LoginFailedEvent extends SecurityEventListener {
    
        @Override
        public boolean canHandle(Object event) {
            if(event instanceof AbstractAuthenticationFailureEvent) {
                return true;
            }
            else {
                return false;
            }
        }
    
        @Override
        public void handle(Object event) {
            if (event instanceof AuthenticationFailureBadCredentialsEvent) {
                // do something
            }
    
            if (event instanceof AuthenticationFailureCredentialsExpiredEvent) {
                // do something
            }
        }
    }
    The issue as I mentioned before is that AuthenticationFailureCredentialsExpiredEvent is never fired. I have tested the AuthenticationFailureBadCredentialsEvent which works fine.

    Does anyone have any idea what could be wrong? Any help will be highly appreciated.

  • #2
    You probably need to set the ProviderManager's (<authentication-manager>'s) eventPublisher to be something other than NullEventPublisher. There is not a simple way to do this via the <authentication-manager> tag, so you will want to create the AuthenticationProvider using standard beans configuration and inject it into a standard Spring Bean for the ProviderManager.
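
The wiring reply #2 describes, as an added example that is not part of the original thread: a ProviderManager declared as a plain bean with a DefaultAuthenticationEventPublisher injected, so that a CredentialsExpiredException is translated into AuthenticationFailureCredentialsExpiredEvent. The bean ids, the `security` namespace prefix and the `jpaUserDetailsService` reference are assumptions; the classes and properties are Spring Security 3.1's own.

```xml
<!-- Added example. Bean ids and jpaUserDetailsService are hypothetical names. -->

<!-- Maps authentication exceptions to events and publishes them to the
     ApplicationContext. It is ApplicationEventPublisherAware, so Spring
     injects the publisher when it is declared as a bean. -->
<bean id="authenticationEventPublisher"
      class="org.springframework.security.authentication.DefaultAuthenticationEventPublisher"/>

<!-- The provider whose post-authentication check throws
     CredentialsExpiredException when isCredentialsNonExpired() is false. -->
<bean id="daoAuthenticationProvider"
      class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <!-- Assumed: a UserDetailsService bean that returns JpaUserDetails. -->
    <property name="userDetailsService" ref="jpaUserDetailsService"/>
</bean>

<!-- ProviderManager declared explicitly instead of via <authentication-manager>,
     so the event publisher can be set directly. -->
<bean id="authenticationManager"
      class="org.springframework.security.authentication.ProviderManager">
    <constructor-arg>
        <list>
            <ref bean="daoAuthenticationProvider"/>
        </list>
    </constructor-arg>
    <property name="authenticationEventPublisher" ref="authenticationEventPublisher"/>
</bean>

<!-- Point the filter chain at the explicitly declared manager. -->
<security:http authentication-manager-ref="authenticationManager">
    <security:form-login/>
</security:http>

<!-- The listener from the question must itself be a bean in the same
     context to receive the published events. Package name is assumed. -->
<bean id="securityEventDispatcher" class="com.example.SecurityEventDispatcher"/>
```

Enabling DEBUG logging for `org.springframework.security.authentication` while testing with an expired account shows whether the exception reaches this ProviderManager before the listener is expected to see the event.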
