Announcement Announcement Module
No announcement yet.
Register login information in database Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Register login information in database

    Hi, everyone.

    When someone logs in my application, I want to register in the database his user, the current timestamp and his IP. In addition, when this person logs out, I want to update that line I've inserted before with the logout timestamp.

    How could I implement this with Spring Security 2.0?


  • #2
    You can add a listener for authentication events and extract the IP address from the Authentication.getDetails() value. Also you can add your own LogoutHandler to add behaviour during a logout. You'll find both of these discussed in the forum. Note that the logout handler won't be called for session timeouts.


    • #3
      Luke, thanks for the information. It was very helpful.

      I'll explain how I've implemented this, in case someone else needs it:

      First, I created a class which implements ApplicationListener. In this class I had to implement the onApplicationEvent(ApplicationEvent event) method.

      if (event instanceof AuthenticationSuccessEvent) {
         // Logon event
         UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) event.getSource();
         WebAuthenticationDetails details = (WebAuthenticationDetails) token.getDetails();
         String login = (String) token.getCredentials();
         addToDataBase(login, event.getTimestamp(), details.getRemoteAddress(), details.getSessionId());
      } else if (event instanceof HttpSessionDestroyedEvent) {
         // Logout event
         HttpSession session = (HttpSession) event.getSource();
         updateLogoffTimestamp(session.getId(), event.getTimestamp());		
      This works fine. Now, I have to handle the case of session timeout. Searching in this forum, I found out that if I register a listener in web.xml, the session timeout event will be caught by my application listener and nothing else needed to be done.

      Problem solved (I think...).


      • #4
        Thanks for the thread. Googled 1st for "spring security login event"