HttpSessionListener Equivalent?

[seru]

Hello!

Can anyone tell me if there is an equivalent of a session listener within the Acegi framework?

I want to perform some arbitrary tasks when a user has been authenticated and also when they log out.

Thanks

Paul

[Ben Alex]

No, but Acegi Security publishes authentication events under net.sf.acegisecurity.providers.dao.event. In CVS there is also a new net.sf.acegisecurity.intercept.event for security interception events. Take a look at either LoggerListener for an example of how to write a listener.

[seru]

OK thanks - I missed that paragraph in the documentation.

I've implemented a listener now that performs my task upon successful authentication.

I'm still a bit unsure of how to do something when a user logs off though - there doesn't seem to be an event for that.

We're using a logout.jsp that just invalidates the session. I really don't want to use a session listener here as I'd like to keep everything within Spring/Acegi.

What would you recommend.

Cheers
Paul

[Ben Alex]

Acegi Security does not have a notion of "logout". Typically people do what you've done, in that they use HttpSession invalidation. If you need a Spring-only solution you'll need to write a logout MVC controller that fires a logout event prior to performing the HttpSession invalidation.