Spring安全更新身份验证成功时的最后登录日期
如何在认证成功时启动我的方法? 我想更新我的数据库列“上次登录日期”。在谷歌上四处查看,但仍然不明白应该如何做
这是我的春季保安。xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd"
xmlns:security="http://www.springframework.org/schema/security">
<beans:bean id="dataSource1" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<beans:property name="url" value="jdbc:mysql://localhost:3306/myDB"/>
<beans:property name="username" value="root"/>
<beans:property name="password" value="root"/>
</beans:bean>
<!-- login page are exempted from security-->
<security:http pattern="/login" security="none"/>
<security:http auto-config="true">
<intercept-url pattern="/page1" access="ROLE_USER_ADMIN,ROLE_ADMIN,ROLE_PAGE1" />
<intercept-url pattern="/page2" access="ROLE_USER_ADMIN,ROLE_ADMIN,ROLE_PAGE2" />
<intercept-url pattern="/page3" access="ROLE_USER_ADMIN,ROLE_ADMIN,ROLE_PAGE3" />
<intercept-url pattern="/*" access="ROLE_USER_ADMIN,ROLE_ACCOUNT" /> <!--/** all url -->
<security:session-management>
<security:concurrency-control
max-sessions="2"
expired-url="/login" />
</security:session-management>
<!-- access deny for non privileged user -->
<access-denied-handler error-page="/access-denied" />
<!-- Logout -->
<logout logout-success-url="/login?logout" />
</security:http>
<beans:bean id="authenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<!-- After login, return to the last visited page -->
<beans:property name="useReferer" value="true" />
</beans:bean>
<beans:bean id="authenticationSuccessHandlerWithoutReferer" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<!-- After login, stay to the same page -->
<beans:property name="useReferer" value="false" />
</beans:bean>
<beans:bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource1"
users-by-username-query="query-for-username-and-password"
authorities-by-username-query="query-for-username-enabled-authority" />
<password-encoder hash="md5"/>
</authentication-provider>
</authentication-manager>
我是春天安全的新手。希望有人能帮我
编辑
@Component
public class MyAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
@Autowired
AppUserDAO appUserDAO;
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
String a = df.format(new Date());
System.out.println(authentication.getName()+"@@@ "+a);
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
String username = auth.getPrincipal().toString();
appUserDAO.updateLastLoginAndIp(a, username);
}
}
共 (0) 个答案