如何在验证成功时触发我的方法? 我想更新我的数据库列'上次登录日期'。在谷歌上看,但仍然无法理解应该如何做。
这是我的spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd"
xmlns:security="http://www.springframework.org/schema/security">
<beans:bean id="dataSource1" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<beans:property name="url" value="jdbc:mysql://localhost:3306/myDB"/>
<beans:property name="username" value="root"/>
<beans:property name="password" value="root"/>
</beans:bean>
<!-- login page are exempted from security-->
<security:http pattern="/login" security="none"/>
<security:http auto-config="true">
<intercept-url pattern="/page1" access="ROLE_USER_ADMIN,ROLE_ADMIN,ROLE_PAGE1" />
<intercept-url pattern="/page2" access="ROLE_USER_ADMIN,ROLE_ADMIN,ROLE_PAGE2" />
<intercept-url pattern="/page3" access="ROLE_USER_ADMIN,ROLE_ADMIN,ROLE_PAGE3" />
<intercept-url pattern="/*" access="ROLE_USER_ADMIN,ROLE_ACCOUNT" /> <!--/** all url -->
<security:session-management>
<security:concurrency-control
max-sessions="2"
expired-url="/login" />
</security:session-management>
<!-- access deny for non privileged user -->
<access-denied-handler error-page="/access-denied" />
<!-- Logout -->
<logout logout-success-url="/login?logout" />
</security:http>
<beans:bean id="authenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<!-- After login, return to the last visited page -->
<beans:property name="useReferer" value="true" />
</beans:bean>
<beans:bean id="authenticationSuccessHandlerWithoutReferer" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<!-- After login, stay to the same page -->
<beans:property name="useReferer" value="false" />
</beans:bean>
<beans:bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource1"
users-by-username-query="query-for-username-and-password"
authorities-by-username-query="query-for-username-enabled-authority" />
<password-encoder hash="md5"/>
</authentication-provider>
</authentication-manager>
我是Spring Security的新手。希望有人可以帮助我。
修改
@Component
public class MyAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
@Autowired
AppUserDAO appUserDAO;
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
String a = df.format(new Date());
System.out.println(authentication.getName()+"@@@ "+a);
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
String username = auth.getPrincipal().toString();
appUserDAO.updateLastLoginAndIp(a, username);
}
}
答案 0 :(得分:2)
您可以使用要执行的任何自定义实现覆盖authenticationSuccessHandler。在这里,您要更新用户登录日期或其他类似活动
public class CustomAuthenticationSuccessHandler extends
SavedRequestAwareAuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response,
Authentication authentication) throws IOException,ServletException {
super.onAuthenticationSuccess(request, response, authentication);
//Now add your custom logic to update database
}
}
现在您需要在xml文件中更新authenticationSuccessHandler配置,如下所示。
<beans:bean id="authenticationSuccessHandler" class="yourpackage.CustomAuthenticationSuccessHandler">
<beans:property name="useReferer" value="true" />
</beans:bean>
可选,
<beans:bean id="authenticationSuccessHandlerWithoutReferer" class="yourpackage.CustomAuthenticationSuccessHandler">
<beans:property name="useReferer" value="false" />
</beans:bean>