Skip to content

Can't use custom authenticationEventPublisher on last ProviderManager #4400

New issue
New issue
Closed
Closed
Can't use custom authenticationEventPublisher on last ProviderManager#4400
Assignees
jzheaux
Labels
in: webAn issue in web modules (web, webmvc)type: enhancementA general enhancement
Milestone
5.3.0.RC1
@mondaka

Description

@mondaka
mondaka
opened on Jun 16, 2017

Summary

When you extend WebSecurityConfigurerAdapter and override the method
protected final void configure(AuthenticationManagerBuilder auth) throws Exception
to set auth.authenticationEventPublisher(defaultAuthenticationEventPublisher);
it doesn't work propertly.

Actual Behavior

When you use the auth.authenticationEventPublisher(defaultAuthenticationEventPublisher) method
to set a custom AuthenticationEventPublisher, the localConfigureAuthenticationBldr (that is an AuthenticationManagerBuilder instance which manage AuthenticationManager buiding) on WebSecurityConfigurerAdapter doesn't build anything (returns null, because it needs AuthenticationProviders to be built).

I have tried a workaround using a "dummy" AuthenticationProvider, but in this case, the structure of built ProviderManagers on WebSecurityConfigurerAdapter is: the one that is built by the localConfigureAuthenticationBldr is set as parent of the other one created by authenticationBuilder.

This causes that we can't set an AuthenticationEventPublisher at the ProviderManager built by authenticationBuilder and consequently, the exceptions thrown by this ProviderManager don't fire any event.

Expected Behavior

Set an AuthenticationEventPublisher on "last" ProviderManager (the one created by authenticationBuilder on WebSecurityConfigurerAdapter), that fire events on this ProviderManager and not in his parent.

Configuration

Version

4.1.0

Sample

@EnableWebSecurity
@Configuration
public abstract class MySecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        
        http.x509()
            .authenticationUserDetailsService(authenticationUserDetailsService);
    }

    @Override
    protected final void configure(AuthenticationManagerBuilder auth) throws Exception {
    	auth.authenticationEventPublisher(defaultAuthenticationEventPublisher);
    }

   @Bean
   public DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher() {
         return   new DefaultAuthenticationEventPublisher();
   }
}

@Component
public class MyAppListener implements ApplicationListener<AbstractAuthenticationEvent>, ApplicationContextAware {
    
    private static final org.slf4j.Logger LOG =     
       org.slf4j.LoggerFactory.getLogger(MyAppListener .class);

    @Override
    public void onApplicationEvent(AbstractAuthenticationEvent authEvent) {
       LOG.debug("Event: " + authEvent.getClass().getName() + " throwed");
    }
}

Metadata

Metadata

Assignees

Labels

in: webAn issue in web modules (web, webmvc)type: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions