Announcement Announcement Module
Collapse
No announcement yet.
Custom Logging Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Custom Logging

    Hi all,
    I'm using spring security to provide security for an application written in spring mvc. In my application I want to log details related to user activity like login to the system, logout of system, switch user, session timeout, etc which are currently handled by spring security. So I can't figure out a way to add custom logging. I'm currently using commons logging to log. Hope some one help me out of here .
    Thanks in advance.

    kind regards,
    Dilan Anuruddha

  • #2
    check out these classes

    It's been a while since I have implemented custom logging, but I suspect that if you start with these classes (by looking at the source code for them), you could probably figure out exactly how to log what you need too.


    Code:
    org.springframework.security.event.authentication.LoggerListener
    
    and
    
    org.springframework.security.event.authorization.LoggerListener

    Comment


    • #3
      Originally posted by joshr View Post
      It's been a while since I have implemented custom logging, but I suspect that if you start with these classes (by looking at the source code for them), you could probably figure out exactly how to log what you need too.


      Code:
      org.springframework.security.event.authentication.LoggerListener
      
      and
      
      org.springframework.security.event.authorization.LoggerListener
      Thanks joshr. That was just what I was looking for.

      Comment


      • #4
        I see how I can do this by customizing the spring security LoggerListener classes then using that customized package. Is there another way of doing this without touching spring code, like extending something ....or attaching to something...

        joshr, what is the approach you took?

        Suggestions and comments are welcomed
        thanks,
        Dilan

        Comment


        • #5
          If you explicitly define your filters in your spring context file (don't rely on the ones created by the default filter chain), you can use aspect oriented programming to add logging to whatever methods you want. That way you don't need to modify any Spring source, and your custom logging code is completely decoupled.

          Something to think about....

          Steve

          Comment


          • #6
            Originally posted by anurudda_spring View Post
            I see how I can do this by customizing the spring security LoggerListener classes then using that customized package. Is there another way of doing this without touching spring code, like extending something ....or attaching to something...

            joshr, what is the approach you took?

            Suggestions and comments are welcomed
            thanks,
            Dilan
            Looks like I implemented this class ->
            Code:
            org.springframework.context.ApplicationListener
            and then filtered by type of event as follows (Works great if you only have a couple events you want to log):

            Code:
            public void onApplicationEvent(ApplicationEvent event)
               {
                  if (event instanceof AuthorizedEvent)
                  {
                     handleAuthorizedEvent((AuthorizedEvent) event);
                  }
                  
                  if (event instanceof AuthenticationSuccessEvent)
                  {
                     handleAuthenticationSuccessEvent((AuthenticationSuccessEvent) event);
                  }
                  
                  if (event instanceof AuthenticationCredentialsNotFoundEvent)
                  {
                     handleAuthenticationCredentialsNotFoundEvent((AuthenticationCredentialsNotFoundEvent) event);
                  }
            
                  if (event instanceof AuthorizationFailureEvent)
                  {
                     handleAuthorizationFailureEvent((AuthorizationFailureEvent) event);
                  }
                  
                  if (event instanceof PublicInvocationEvent)
                  {
                     handlePublicInvocationEvent((PublicInvocationEvent) event);
            
                  }
               }
            But the AOP approach is another good option as well, and probably the way to go if you have more than a couple of events to log, and you don't like doing it through the events option.
            Last edited by joshr; Oct 29th, 2008, 03:17 PM.

            Comment


            • #7
              Originally posted by joshr View Post
              Looks like I implemented this class ->
              Code:
              org.springframework.context.ApplicationListener
              and then filtered by type of event as follows (Works great if you only have a couple events you want to log):

              Code:
              public void onApplicationEvent(ApplicationEvent event)
                 {
                    if (event instanceof AuthorizedEvent)
                    {
                       handleAuthorizedEvent((AuthorizedEvent) event);
                    }
                    
                    if (event instanceof AuthenticationSuccessEvent)
                    {
                       handleAuthenticationSuccessEvent((AuthenticationSuccessEvent) event);
                    }
                    
                    if (event instanceof AuthenticationCredentialsNotFoundEvent)
                    {
                       handleAuthenticationCredentialsNotFoundEvent((AuthenticationCredentialsNotFoundEvent) event);
                    }
              
                    if (event instanceof AuthorizationFailureEvent)
                    {
                       handleAuthorizationFailureEvent((AuthorizationFailureEvent) event);
                    }
                    
                    if (event instanceof PublicInvocationEvent)
                    {
                       handlePublicInvocationEvent((PublicInvocationEvent) event);
              
                    }
                 }
              But the AOP approach is another good option as well, and probably the way to go if you have more than a couple of events to log, and you don't like doing it through the events option.
              I have also implemented org.springframework.context.ApplicationListener like

              Code:
              public class CustomListener implements ApplicationListener {
              
              	protected Log logger = LogFactory.getLog(getClass());
              	public void onApplicationEvent(ApplicationEvent event) {
              		logger.debug("AAAAAAAAAAAAAAAAAAAAAAAAAAAAA caught the event");
              	}
              
              }
              But nothing is getting logged! Is this correct?

              Comment


              • #8
                Are sure this class is being loaded by spring? i.e. you are loading it with the application Context file as a spring bean? Also, you have this class set to be logging in debug mode by your logger?

                Comment


                • #9
                  Originally posted by joshr View Post
                  Are sure this class is being loaded by spring? i.e. you are loading it with the application Context file as a spring bean? Also, you have this class set to be logging in debug mode by your logger?
                  Thanks joshr!
                  I loaded it as a bean and it started working!

                  Comment

                  Working...
                  X