@EventListener for AuthenticationSuccessEvent or InteractiveAuthenticationSuccessEvent not fired

Question

I have this listener in the context of Spring:

package listeners;

import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spr         


        

Answer 1

You may need to register the event-publishing infrastructure (eg. by configuring a DefaultAuthenticationEventPublisher).

@EnableWebSecurity
class SecurityConfig extends WebSecurityConfigurerAdapter {

    ...

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .authenticationEventPublisher(authenticationEventPublisher())
            .userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());
    }   

    @Bean
    public DefaultAuthenticationEventPublisher authenticationEventPublisher() {
        return new DefaultAuthenticationEventPublisher();
    }
}

Answer 2

This is how i achieved it.

1) In your Application class, expose your application listener like

@Bean
public ApplicationListener applicationListener(){
    return new AuthSuccessApplicationListener();
}

2) Implement AuthSuccessApplicationListener for example

public class AuthSuccessApplicationListener implements 
ApplicationListener<InteractiveAuthenticationSuccessEvent>{

@Autowired(required=false)
HttpSession httpSession;

@Autowired
Environment env;

/**
 * Handle an application event.
 *
 * @param appEvent the event to respond to
 */
@Override
public void onApplicationEvent(InteractiveAuthenticationSuccessEvent appEvent) {

    if (appEvent!=null) {
        LdapUserDetailsImpl ldapUserDetailsImpl = (LdapUserDetailsImpl) appEvent.getAuthentication().getPrincipal();
    try {
            if (ldapUserDetailsImpl != null) {

                logger.info("Session Created for " + ldapUserDetailsImpl.getUsername());

                if (httpSession.getAttribute("adminUser") == null) {
                    // check user is admin and set into session
                    if (isAdminUser(ldapUserDetailsImpl.getUsername())) {
                        httpSession.setAttribute("adminUser", "ADMIN_USER");
                        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
                        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(auth.getAuthorities());
                        // Add the ROLE_ADMIN into Authorities
                        authorities.add(new SimpleGrantedAuthority(SecurityConfig.ADMIN));
                        // Create a new Authentication based on current principal and authorities and set into Security Context
                        Authentication newAuth = new UsernamePasswordAuthenticationToken(auth.getPrincipal(), auth.getCredentials(), authorities);
                        SecurityContextHolder.getContext().setAuthentication(newAuth);
                    }
                }
            }
        } catch (Exception e) {
            logger.error("Exception occurred : " + e.getMessage());
        }
    }
}