Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve the BasicAuthenticationFilter to allow callbacks for both successful and failed authentication events. #16281

Open
pongdangx2 opened this issue Dec 13, 2024 · 2 comments
Open

Improve the BasicAuthenticationFilter to allow callbacks for both successful and failed authentication events. #16281

pongdangx2 opened this issue Dec 13, 2024 · 2 comments
Assignees
@jzheaux
Labels
in: web An issue in web modules (web, webmvc) status: feedback-provided Feedback has been provided type: enhancement A general enhancement

Comments

@pongdangx2
Copy link
Contributor

pongdangx2 commented Dec 13, 2024
edited
Loading

Expected Behavior

Can customize and set callback method in BasicAuthenticationFilter. (Such as logging, saving audit log .. etc)

Current Behavior

Now, there are two empty protected method called onSuccessFulAuthentication, onUnsuccessfulAuthentication.
I think it would be nice if I can customize the actions of these methods.

Context

I use Basic authentication for authentication in server-to-server communication within an private internal network.
And I wish I could save the information of client for audit log. (Which client call which api how many times during specific period)
For this reason, I looked into this BasicAuthenticaionFilter and I found those two empty methods.

So I wanna improve BasicAuthenticationFilter If youguys are ok with it.
@pongdangx2 pongdangx2 added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Dec 13, 2024
@jzheaux
Copy link
Contributor

jzheaux commented Dec 16, 2024
edited
Loading

Thanks for your willingness to help, @pongdangx2.

Because BasicAuthenticationFilter already has those protected methods, I'd prefer to leave it as-is, when possible.

Given that you are wanting to write authentication details to your audit log, instead have you already tried listening for AuthenticationSuccessEvent and AbstractAuthenticationFailureEvent?

@Component
class AuthenticationAuditLogger {
    @EventListener
    void onSuccess(AuthenticationSuccessEvent success) { ... }

    @EventListener
    void onFailure(AbstractAuthenticationFailureEvent failure) { ... }
}

@jzheaux jzheaux self-assigned this Dec 16, 2024
@jzheaux jzheaux added status: waiting-for-feedback We need additional information before we can continue in: web An issue in web modules (web, webmvc) and removed status: waiting-for-triage An issue we've not yet triaged labels Dec 16, 2024
@pongdangx2
Copy link
Contributor Author

@jzheaux Thank you for feedback :)
I'll try !!

Have a nice day.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Dec 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: web An issue in web modules (web, webmvc) status: feedback-provided Feedback has been provided type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jzheaux @spring-projects-issues @pongdangx2