I created Spring boot app using Jhipster. I wanted to create listener that will catch failed authentication.
@Component
public class AuthenticationFailureListener
implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> {
@Autowired
private LoginAttemptService loginAttemptService;
public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent e) {
WebAuthenticationDetails auth = (WebAuthenticationDetails) e.getAuthentication().getDetails();
if(auth!=null) {
loginAttemptService.loginFailed(auth.getRemoteAddress());
}
}
}
I am Using JWT. When i debug this method, i can see email and password, but details are null. So auth object is null so i can't see from which IP user tried to login. What should i change in order to get details here ?
I used a similar approach but injected the HttpRequest
@Component
public class AuthenticationFailureEventListener implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> {
private final Logger log = LoggerFactory.getLogger(AuthenticationFailureEventListener.class);
private final HttpServletRequest request;
private final LoginAttemptService loginAttemptService;
public AuthenticationFailureEventListener(HttpServletRequest request, LoginAttemptService loginAttemptService) {
this.request = request;
this.loginAttemptService = loginAttemptService;
}
@Override
public void onApplicationEvent(final AuthenticationFailureBadCredentialsEvent e) {
log.debug("Failed login try from {}", request.getRemoteAddr());
final String xfHeader = request.getHeader("X-Forwarded-For");
if (xfHeader == null) {
loginAttemptService.loginFailed(request.getRemoteAddr());
} else {
loginAttemptService.loginFailed(xfHeader.split(",")[0]);
}
}
}
This works really good.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.