Announcement Announcement Module
Collapse
No announcement yet.
saving LastLogin date Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • saving LastLogin date

    Hi,

    I've configured acegi security with my spring-app. Now what I'd like to achieve is to save login date when user enters the site.

    I have implemented an ApplicationListener listening to AuthenticationSuccessEvent, but event is fired at every request, not just when user first logs in.
    This way, my dao will always save the lastlogin till user do not logout, this way lastlogin shows lastLogout time, not the precise lastLogin time. What's more, saving success date every time this way is consuming.

    How to listen to that event only once (at first login)? which event to use?

    Thanks for help,
    Thomas

  • #2
    It is firing at every request most likely because you are using the NullUserCache. As a result, Acegi checks the credentials at every request. If you want to continue to use the NullUserCache, I'd recommend not using an ApplicationListener and instead putting in your DAO something like:

    Code:
    User user = (User)((SecureContext) ContextHolder.getContext()).getAuthentication().getPrincipal();
    
    if (user == null) {
         user = findUser(username);
         user.setLastLoginDate(new Date());
         updateUser(user);
    }
    The other way to do it is to not use a NullUserCache and use the EhCache. Then you can continue to use the AppListener.

    Hope this helps....

    Comment


    • #3
      Rexxe,

      Thanks, I'm using now EhCache.

      One more thing to ask: I'm using rememberMe service, but when using it AuthenticationSuccessEvent is not published. How to force a successEvent in this case?

      Regards,
      Thomas

      Comment


      • #4
        I've set my EhCache as follows found in ehcache-failsafe.xml:
        Code:
            <defaultCache
                maxElementsInMemory="10000"
                eternal="false"
                overflowToDisk="true"
                timeToIdleSeconds="120"
                timeToLiveSeconds="120"
                diskPersistent="false"
                diskExpiryThreadIntervalSeconds="120"
                />
        The problem is that after 120 seconds a successEvent is published in the background again. I tried to set timeTo..Seconds with 0 = infinite values, no success. Do you have any ehcache config, to achieve that on each "real" login one event should be published?

        Comment


        • #5
          Seems another way to do it is to subclass the AuthenticationProcessingFilter like this:
          Code:
          public class CustomAuthenticationProcessingFilter extends AuthenticationProcessingFilter &#123;
          	
              private Log log = LogFactory.getLog&#40;getClass&#40;&#41;&#41;;
          		
              protected void onSuccessfulAuthentication&#40;HttpServletRequest request,
                      HttpServletResponse response, Authentication authResult&#41;
                      throws IOException &#123;
              	User user = &#40;User&#41;&#40;&#40;SecureContext&#41; ContextHolder.getContext&#40;&#41;&#41;.getAuthentication&#40;&#41;.getPrincipal&#40;&#41;;
              	log.info&#40;"login succesful for " + user.getUsername&#40;&#41;&#41;;
          
              &#125;	
          
          &#125;

          Comment


          • #6
            In CVS HEAD there are a number of improvements to event semantics. The authentication mechanisms (ie XXXXProcessingFilter) now publish net.sf.acegisecurity.ui.InteractiveAuthenticationS uccesEvent. Also http://opensource2.atlassian.com/pro.../browse/SEC-50 notes changes to be made to the AuthenticationProviders.

            Comment

            Working...
            X