Announcement Announcement Module
Collapse
No announcement yet.
Register login information in database Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Register login information in database

    Hi, everyone.

    When someone logs in my application, I want to register in the database his user, the current timestamp and his IP. In addition, when this person logs out, I want to update that line I've inserted before with the logout timestamp.

    How could I implement this with Spring Security 2.0?

    Thanks.
    David

  • #2
    You can add a listener for authentication events and extract the IP address from the Authentication.getDetails() value. Also you can add your own LogoutHandler to add behaviour during a logout. You'll find both of these discussed in the forum. Note that the logout handler won't be called for session timeouts.

    Comment


    • #3
      Luke, thanks for the information. It was very helpful.

      I'll explain how I've implemented this, in case someone else needs it:

      First, I created a class which implements ApplicationListener. In this class I had to implement the onApplicationEvent(ApplicationEvent event) method.

      Code:
      if (event instanceof AuthenticationSuccessEvent) {
         // Logon event
         UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) event.getSource();
         WebAuthenticationDetails details = (WebAuthenticationDetails) token.getDetails();
         String login = (String) token.getCredentials();
      			
         addToDataBase(login, event.getTimestamp(), details.getRemoteAddress(), details.getSessionId());
      			
      } else if (event instanceof HttpSessionDestroyedEvent) {
         // Logout event
         HttpSession session = (HttpSession) event.getSource();
      
         updateLogoffTimestamp(session.getId(), event.getTimestamp());		
      }
      This works fine. Now, I have to handle the case of session timeout. Searching in this forum, I found out that if I register a listener in web.xml, the session timeout event will be caught by my application listener and nothing else needed to be done.

      Code:
      <listener>
        <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
      </listener>
      Problem solved (I think...).

      Comment


      • #4
        Thanks for the thread. Googled 1st for "spring security login event"

        Comment

        Working...
        X