Přeskočit na hlavní obsah

Acegi - logujeme loginy

Používáte-li pro správu přístupu k vaší webové aplikaci framework Acegi, možná se vám bude hodit zaznamenávat uživatelské přístupy (platné loginy) někam do databáze. Zde je jeden ze způsobů jak se s tímto problémem vypořádat. Následující přiklad používá Hibernate a databázi Oracle.

Nejdříve si připravím vlastní metodu pro zápis do databáze v DAO. Umístím ji do třídy cz.mujpackage.dao.UserDao, která rozšiřuje org.springframework.orm.hibernate3.support.HibernateDaoSupport a poskytuje metody pro správu uživatelů, rolí, apod. Pro zvýšení výkonu použiji v Hibernate SQLQuery namísto vytváření instance třídy modelu a jejího ukládání pomocí metody save(...). 

/**
* Adds log entry to table AUTH_LOG (Oracle database form - pk_sequence has to be configured)
* @param aName username
* @param aRemoteAddress remote address of request
*/
public void logAuthenticationSuccess(final String aName, final String aRemoteAddress) {
  final HibernateCallback callback = new HibernateCallback() {
    public Object doInHibernate(final Session session) throws HibernateException {
      return session
        .createSQLQuery("insert into AUTH_LOG (id, datum, user, address)" +
            " values (pk_sequence.nextval, sysdate, :user, :address)")
        .setParameter("user", aName)
        .setParameter("address", aRemoteAddress)
        .executeUpdate();
    }
  };
  getHibernateTemplate().execute(callback);
}

Nyní přijde hlavní část a to zachycení události, která je vyvolána při úspěšném přihlášení uživatele do systému. Vytvořím tedy implementaci interfejsu org.springframework.context.ApplicationListener a budu obsluhovat události typu InteractiveAuthenticationSuccessEvent. 

package cz.mujpackage.acegi;

import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.event.authentication.InteractiveAuthenticationSuccessEvent;
import org.acegisecurity.ui.WebAuthenticationDetails;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;
import org.springframework.util.Assert;

import cz.mujpackage.dao.UserDao;


/**
* Logs the successful authentication to database table
* @author Josef Cacek
*/
public class MyAuthListener implements ApplicationListener, InitializingBean {

  protected final Log log = LogFactory.getLog(getClass());

  private UserDao userDao;

  /**
   * Writes entry to AUTH_LOG table when InteractiveAuthenticationSuccessEvent comes
   * @see org.springframework.context.ApplicationListener#onApplicationEvent(org.springframework.context.ApplicationEvent)
   */
  public void onApplicationEvent(ApplicationEvent event) {
        if (event instanceof InteractiveAuthenticationSuccessEvent) {
             final Authentication tmpAuth = SecurityContextHolder.getContext().getAuthentication();
             log.debug("InteractiveAuthenticationSuccessEvent: " + tmpAuth.getName());
             if (tmpAuth.getDetails() instanceof WebAuthenticationDetails) {
               final WebAuthenticationDetails webDetails =
                 (WebAuthenticationDetails) tmpAuth.getDetails();
               userDao.logAuthenticationSuccess(tmpAuth.getName(),webDetails.getRemoteAddress());
             } else {
               log.warn("Authentication.getDetails() not instance of WebAuthenticationDetails: "
                   + tmpAuth.getDetails());
             }
        }
    }

  /**
   * @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
   */
  public void afterPropertiesSet() throws Exception {
    Assert.notNull(userDao);
  }

  /**
   * @return the userDao
   */
  public UserDao getUserDao() {
    return userDao;
  }

  /**
   * @param userDao the userDao to set
   */
  public void setUserDao(UserDao userDao) {
    this.userDao = userDao;
  }

}

Teď už zbývá pouze nakonfigurovat beanu v applicationContext.xml a je hotovo: 

<bean id="myAuthListener" class="cz.mujpackage.acegi.MyAuthListener">
    <property name="userDao" ref="userDao"/>
</bean>

A jak by řekl Forrest Gump

....a to je asi tak vše, co vím o krevetách

Štítky:

Komentáře

Anonymní píše…
Moc diky za clanek, velmi mi pomohl.
23. ledna 2008 v 11:08
Josef Cacek píše…
Jsem rád, když Javlog pomáhá vyřešit problémy, se kterými se občas sám potýkám. :-)
23. ledna 2008 v 11:25
Okomentovat

Populární příspěvky z tohoto blogu

Three ways to redirect HTTP requests to HTTPs in WildFly and JBoss EAP

WildFly application server (and JBoss EAP) supports several simple ways how to redirect the communication from plain HTTP to TLS protected HTTPs. This article presents 3 ways. Two are on the application level and the last one is on the server level valid for requests to all deployments. 1. Request confidentiality in the deployment descriptor The first way is based on the Servlet specification. You need to specify which URLs should be protected in the web.xml deployment descriptor. It's the same approach as the one used for specifying which URLs require authentication/authorization. Just instead of requesting an assigned role, you request a transport-guarantee . Sample content of the WEB-INF/web.xml <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1...
Okomentovat
Další informace

Simple TLS certificates in WildFly 18

It's just 2 weeks when WildFly 18 was released. It includes nice improvements in TLS certificates handling through ACME protocol (Automatic Certificate Management Environment), it greatly simplifies obtaining valid HTTPS certificates. There was already a support for the Let's Encrypt CA in WildFly 14 as Farah Juma described in her blog post last year. New WildFly version allows using other CA-s with ACME protocol support. It also adds new switch --lets-encrypt to interactive mode of security enable-ssl-http-server JBoss CLI commands. Let's try it. Before we jump on WildFly configuration, let's just mention the HTTPs can be used even in the default configuration and a self-signed certificate is generated on the fly. Nevertheless, it's not secure and you should not use it for any other purpose than testing. Use Let's Encrypt signed certificate for HTTPs application interface Start WildFly on a machine with the public IP address. Run it on the defaul...
Okomentovat
Další informace

Enable Elytron in WildFly

Steps to enable Elytron in WildFly nightly builds. There is an ongoing effort to bring a new security subsystem Elytron to WildFly and JBoss EAP. For some time a custom server profile named standalone-elytron.xml  existed beside other profiles in standalone/configuration directory. It was possible to use it for playing with Elytron. The custom Elytron profile was removed now.  The Elytron subsystem is newly introduced to all standard server profiles. The thing is, the Elytron is not used by default and users have to enable it in the subsystems themselves. Let's look into how you can enable it. Get WildFly nightly build # Download WildFly nightly build wget --user=guest --password=guest https://ci.wildfly.org/httpAuth/repository/downloadAll/WF_Nightly/.lastSuccessful/artifacts.zip # unzip build artifacts zip. It contains WildFly distribution ZIP unzip artifacts.zip # get the WildFly distribution ZIP name as property WILDFLY_DIST_ZIP=$(ls wildfly-*-SNAPSHOT.zip)...
Okomentovat
Další informace