18

I am trying to record current time of Login (in a method or object) once the login is successful and assign LastLogin time to current login time at logout. I am using spring security for login, logout. But I don't know how to take control to a method before it goes to the target-url.

spring-security.xml 

<security:form-login login-page="/login" login-processing-url="/home/currentTime" authentication-failure-url="/login?error=true" default-target-url="/home"/>

<security:logout invalidate-session="true" logout-success-url="/home/copyLastloginToCurrentLoginTime" logout-url="/logout" />

Controller 

@RequestMapping(value = "/currentTime", method = RequestMethod.GET)
public void recordCurrentLoginTime(Model model) { 
    // code to record current time 
}

@RequestMapping(value = "/copyLastloginToCurrentLoginTime", method = RequestMethod.GET)
public void changeLastLoginTime(Model model) {
    //code to copy current to last time 
}

Problem

I get Error 404 for - project-title/j_spring_security_check URL and when I try to debug, it doesn't come into the controller methods at all.

Should I use some filters or something else for this purpose?

I found this and that and but that didn't help.

Willi Mentzel
  • 27,862
  • 20
  • 113
  • 121
sara
  • 405
  • 2
  • 6
  • 15

2 Answers2

33

Write your own AuthenticationSuccessHandler and LogoutSuccessHandler.

Example:

spring-security.xml : 

<security:form-login login-page="/login"
    login-processing-url="/login_check"
    authentication-failure-url="/login?error=true"
    authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>

<security:logout
    logout-url="/logout"
    success-handler-ref="myLogoutSuccessHandler"
/>

AuthenticationSuccessHandler

@Component
public class MyAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    @Autowired
    private UserService userService;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
        Authentication authentication) throws IOException, ServletException {

        // changeLastLoginTime(username)
        userService.changeLastLoginTime(authentication.getName());

        setDefaultTargetUrl("/home");
        super.onAuthenticationSuccess(request, response, authentication);
    }
}

LogoutSuccessHandler

@Component
public class MyLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {

        if (authentication != null) {
            // do something 
        }

        setDefaultTargetUrl("/login");
        super.onLogoutSuccess(request, response, authentication);       
    }
}
Willi Mentzel
  • 27,862
  • 20
  • 113
  • 121
lschin
  • 6,745
  • 2
  • 38
  • 52
  • 1
    One caveat I would mention is that this sets the default for all users every time, so once it is set it becomes the global redirect. – Erik Jan 28 '13 at 19:01
0

You can map a default-target-url in your mapping like

<security:form-login login-page="/login"
    login-processing-url="/login_check"
    authentication-failure-url="/login?error=true"
    default-target-url = "/welcome"
    authentication-success-handler-ref="myAuthenticationSuccessHandler"/>

When the user is authenticated it is the time when user accessed your system. Make a update through DAO in the user table with current date and time. Simple process and you are done

Kunwar Babu
  • 45
  • 3