Announcement Announcement Module
Collapse
No announcement yet.
Is it possible to access SecurityContextHolder from a listener? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is it possible to access SecurityContextHolder from a listener?

    I'm implementing a listener to listen for authentication events and based on the particular event to manipulate the user account in the db. But some reason I get a null pointer exception when trying to get the username. Here's the code for my listener. Does anyone see what I'm doing wrong?


    Code:
    public class CoastalApplicationSecurityListener implements ApplicationListener {
    	
    	private UserAccountFacade facade = null;
    	public void setAccountFacade(UserAccountFacade facade) {
    		this.facade = facade;
    	}
    	
    	
    	public void onApplicationEvent(ApplicationEvent event) {
    		if (event instanceof AuthorizedEvent) {
    			AuthorizedEvent authorizedEvent = (AuthorizedEvent) event;
    			System.out.println("authorized:" + authorizedEvent);
    			
    		} else if (event instanceof AuthorizationFailureEvent) {
    			AuthorizationFailureEvent authorizationFailureEvent = (AuthorizationFailureEvent) event;
    			System.out.println("not authorized:" + authorizationFailureEvent);
    			
    		} else if (event instanceof AuthenticationFailureBadCredentialsEvent) {
    			AuthenticationFailureBadCredentialsEvent badCredentialsEvent = (AuthenticationFailureBadCredentialsEvent) event;
    			System.out.println("************************************************badCredentials event***********************************");
    			System.out.println("badCredentials:" + badCredentialsEvent);
    			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    			String username = authentication.getName();
    	        facade.processLoginFailure(username, new Date(event.getTimestamp()));
    			System.out.println("********************************************end of badCredentials event***********************************");
    			
    			
    		} else if (event instanceof AuthenticationSuccessEvent) {
    			AuthenticationSuccessEvent authenticationSuccessEvent = (AuthenticationSuccessEvent) event;
    		    if (((AuthenticationSuccessEvent) event).getAuthentication() != null) {
    				Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    				String username = authentication.getName();
    		        // On successful login, reset login attempts and set last login date in database
    		        facade.processSuccessLogin(username, new Date(event.getTimestamp()));
    		      }
    
    			System.out.println("authSuccess:" + authenticationSuccessEvent);
    			
    		} else if (event instanceof AuthenticationFailureExpiredEvent) {
    			AuthenticationFailureExpiredEvent accountExpirationEvent = (AuthenticationFailureExpiredEvent) event;
    			System.out.println("accountExpirationEvent:" + accountExpirationEvent);
    			String username = ((AuthenticationSuccessEvent) event).getAuthentication().getName();
    	        facade.processLoginFailure(username, new Date(event.getTimestamp()));
    			
    		}else if (event instanceof AuthenticationFailureLockedEvent) {
    			AuthenticationFailureLockedEvent accountLockedEvent = (AuthenticationFailureLockedEvent) event;
    			System.out.println("accountLockedEvent:" + accountLockedEvent);
    			
    		}else if (event instanceof AuthenticationFailureDisabledEvent) {
    			AuthenticationFailureDisabledEvent accountDisabledEvent = (AuthenticationFailureDisabledEvent) event;
    			System.out.println("accountDisabledEvent:" + accountDisabledEvent);
    			
    		}else if (event instanceof AuthenticationFailureCredentialsExpiredEvent) {
    			AuthenticationFailureCredentialsExpiredEvent credentialsExpiredEvent = (AuthenticationFailureCredentialsExpiredEvent) event;
    			System.out.println("credentialsExpiredEvent:" + credentialsExpiredEvent);
    
    		}else {
    			System.out.println("undefined: " + event.getClass().getName());
    		}
    	}
    }

  • #2
    I think the problem here is that you can't ensure the SecurityContextHolder still has any credentials, if the authentication was unsuccessful it could indeed return null. If you look at AbstractAuthenticationEvent however, you can actually get the Authentication from the event.
    http://www.acegisecurity.org/multipr...tionEvent.html

    Comment

    Working...
    X