Results 1 to 4 of 4

Thread: Register login information in database

Hybrid View

  1. May 13th, 2008, 10:55 PM #1
    davidrvp
    davidrvp is offline Junior Member
    Join Date
    Feb 2008
    Posts
    7

    Default Register login information in database

    Hi, everyone.

    When someone logs in my application, I want to register in the database his user, the current timestamp and his IP. In addition, when this person logs out, I want to update that line I've inserted before with the logout timestamp.

    How could I implement this with Spring Security 2.0?

    Thanks.
    David
  2. May 15th, 2008, 06:35 AM #2
    Luke Taylor
    Luke Taylor is offline Senior Member Acegi Security System TeamSpring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    Default

    You can add a listener for authentication events and extract the IP address from the Authentication.getDetails() value. Also you can add your own LogoutHandler to add behaviour during a logout. You'll find both of these discussed in the forum. Note that the logout handler won't be called for session timeouts.
  3. May 15th, 2008, 10:01 PM #3
    davidrvp
    davidrvp is offline Junior Member
    Join Date
    Feb 2008
    Posts
    7

    Default

    Luke, thanks for the information. It was very helpful.

    I'll explain how I've implemented this, in case someone else needs it:

    First, I created a class which implements ApplicationListener. In this class I had to implement the onApplicationEvent(ApplicationEvent event) method.

    Code:
    if (event instanceof AuthenticationSuccessEvent) {
   // Logon event
   UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) event.getSource();
   WebAuthenticationDetails details = (WebAuthenticationDetails) token.getDetails();
   String login = (String) token.getCredentials();
			
   addToDataBase(login, event.getTimestamp(), details.getRemoteAddress(), details.getSessionId());
			
} else if (event instanceof HttpSessionDestroyedEvent) {
   // Logout event
   HttpSession session = (HttpSession) event.getSource();

   updateLogoffTimestamp(session.getId(), event.getTimestamp());		
}
    This works fine. Now, I have to handle the case of session timeout. Searching in this forum, I found out that if I register a listener in web.xml, the session timeout event will be caught by my application listener and nothing else needed to be done.

    Code:
    <listener>
  <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
    Problem solved (I think...).
  4. May 21st, 2008, 08:01 AM #4
    dhr_padla
    dhr_padla is offline Member
    Join Date
    Feb 2007
    Posts
    30

    Default

    Thanks for the thread. Googled 1st for "spring security login event"
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules