
I am using Spring Security to authenticate my users. I am trying to log users' login and logout activity.

I was able to intercept the login using the pointcut expression `org.springframework.security.web.authentication.AuthenticationSuccessHandler.onAuthenticationSuccess()`.

But for logout activity it doesn't intercept using the pointcut expression `org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler.onLogoutSuccess()`.

Below is my logLogoutActivity():

    @After("execution(* org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler.onLogoutSuccess(..))")
    @Transactional
    public void logLogoutActivity(JoinPoint joinPoint) throws Throwable {
        prepareLogAndSave(HistoryLogCode.LOGGED_OUT.getId(),
                HistoryLogCode.LOGGED_OUT.getValue(), "Successfully logged out.");
    }

How can I log the logout activity?

mkrieger1
baymax
  • By implementing a `LogoutSuccessHandler` which logs that activity and delegates to the existing one. Using AOP for that is like shooting a fly with a cannon. – M. Deinum Jul 12 '16 at 13:20
  • @M.Deinum, thanks for your response. Currently I am using the below code for logout: `.logout().logoutUrl("/logout").logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())`. Do you mean I will overwrite the implementation of the `onLogoutSuccess()` method and log there? – baymax Jul 12 '16 at 13:23
  • That is what I would do, instead of bolting it on with AOP. In the upcoming Spring Security 4.2 (I guess) there will be an event fired when the logout is successful, which you could listen to. For now wrapping (or extending) the `LogoutSuccessHandler` is easier than using AOP for it. – M. Deinum Jul 12 '16 at 13:29
  • @M.Deinum, this is clear now, thanks. – baymax Jul 13 '16 at 01:53
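
The wrapping approach suggested in the comments, written out as an added example (not code from the question or from Spring Security itself). The `LogoutAudit` hook is a hypothetical stand-in for the asker's `prepareLogAndSave(...)`, and the `javax.servlet` imports assume the Spring Security 4.x line discussed here. A handler created with `new` is not a Spring bean, so Spring AOP never proxies it; wrapping it avoids that problem.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

/** Records the logout, then hands off to the handler that was already configured. */
public class AuditingLogoutSuccessHandler implements LogoutSuccessHandler {

    /** Hypothetical hook; here it would wrap the asker's prepareLogAndSave(...). */
    public interface LogoutAudit {
        void loggedOut(String username, String remoteAddr);
    }

    private final LogoutSuccessHandler delegate;
    private final LogoutAudit audit;

    public AuditingLogoutSuccessHandler(LogoutSuccessHandler delegate, LogoutAudit audit) {
        this.delegate = delegate;
        this.audit = audit;
    }

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // authentication can be null when /logout is requested with no
        // authenticated user; record a placeholder instead of throwing an NPE.
        String user = authentication != null ? authentication.getName() : "<anonymous>";
        // Replace CR/LF so a crafted username cannot forge extra audit lines.
        audit.loggedOut(user.replaceAll("[\\r\\n]", "_"), request.getRemoteAddr());
        // Preserve the original behaviour (here: returning an HTTP status).
        delegate.onLogoutSuccess(request, response, authentication);
    }
}

// Wiring, replacing the handler from the question's configuration
// (auditBean is an assumed Spring-managed LogoutAudit implementation):
//   .logout().logoutUrl("/logout")
//   .logoutSuccessHandler(new AuditingLogoutSuccessHandler(
//           new HttpStatusReturningLogoutSuccessHandler(), auditBean))
```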

0 Answers