Spring Security 更新身份验证成功后的上次登录日期

Question

如何在身份验证成功时触发我的方法？ 我想更新我的数据库列“上次登录日期”。在谷歌上查了一下，但仍然不明白应该如何完成。

这是我的 spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd"
         xmlns:security="http://www.springframework.org/schema/security">

<beans:bean id="dataSource1" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <beans:property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <beans:property name="url" value="jdbc:mysql://localhost:3306/myDB"/>
    <beans:property name="username" value="root"/>
    <beans:property name="password" value="root"/>
</beans:bean>

<!-- login page are exempted from security-->
<security:http pattern="/login" security="none"/>

<security:http auto-config="true">
    <intercept-url pattern="/page1" access="ROLE_USER_ADMIN,ROLE_ADMIN,ROLE_PAGE1" />
    <intercept-url pattern="/page2" access="ROLE_USER_ADMIN,ROLE_ADMIN,ROLE_PAGE2" />
    <intercept-url pattern="/page3" access="ROLE_USER_ADMIN,ROLE_ADMIN,ROLE_PAGE3" />    
    <intercept-url pattern="/*" access="ROLE_USER_ADMIN,ROLE_ACCOUNT" />  <!--/** all url -->

    <security:session-management>
        <security:concurrency-control
            max-sessions="2"
            expired-url="/login"  />
    </security:session-management>


    <!-- access deny for non privileged user -->
    <access-denied-handler error-page="/access-denied" />

    <!-- Logout -->
    <logout logout-success-url="/login?logout"  />
</security:http>


<beans:bean id="authenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
    <!-- After login, return to the last visited page -->
    <beans:property name="useReferer" value="true" />
</beans:bean>

<beans:bean id="authenticationSuccessHandlerWithoutReferer" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
    <!-- After login, stay to the same page -->
    <beans:property name="useReferer" value="false" />
</beans:bean>
<beans:bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
<authentication-manager>
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource1" 
                           users-by-username-query="query-for-username-and-password"
                           authorities-by-username-query="query-for-username-enabled-authority" />
        <password-encoder hash="md5"/>

    </authentication-provider>
</authentication-manager>

我是 Spring Security 的新手。希望有人能帮助我。

编辑

@Component
public class MyAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

@Autowired
AppUserDAO appUserDAO;

@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
    Authentication authentication) throws IOException, ServletException {

     SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
    String a = df.format(new Date());


    System.out.println(authentication.getName()+"@@@ "+a);

    Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        String username = auth.getPrincipal().toString();

        appUserDAO.updateLastLoginAndIp(a, username);


}
}

Answer 1

您可以使用您想要执行的任何自定义实现来覆盖authenticationSuccessHandler。在这里您想要更新用户登录日期或其他一些类似的事件

public class CustomAuthenticationSuccessHandler extends  
                     SavedRequestAwareAuthenticationSuccessHandler {

@Override
public void onAuthenticationSuccess(HttpServletRequest request, 
                                    HttpServletResponse response,          
                                    Authentication authentication) throws IOException,ServletException {

    super.onAuthenticationSuccess(request, response, authentication);
    //Now add your custom logic to update database 
  }
}

现在您需要更新 xml 文件中的authenticationSuccessHandler 配置，如下所示。

<beans:bean id="authenticationSuccessHandler" class="yourpackage.CustomAuthenticationSuccessHandler">
      <beans:property name="useReferer" value="true" />
</beans:bean>

可选，

<beans:bean id="authenticationSuccessHandlerWithoutReferer" class="yourpackage.CustomAuthenticationSuccessHandler">
      <beans:property name="useReferer" value="false" />
</beans:bean>