我正在使用Spring 3.2.0和相同版本的Spring安全性.成功登录后,用户将被重定向到受保护页面之一,如下所示.
I'm using Spring 3.2.0 and the same version of Spring security. On successful login, a user is redirected to one of the protected pages as follows.
public final class LoginSuccessHandler implements AuthenticationSuccessHandler { @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities()); if (roles.contains("ROLE_ADMIN")) { response.sendRedirect("admin_side/Home.htm"); return; } } }我正在使用Hibernate.成功登录后,如何更新数据库中的登录日期时间(上次登录)?我在登录页面上有一个提交按钮,其POST请求似乎未映射到其相应的登录控制器中的方法.登录表单的操作实际上已映射到Servlet-j_spring_security_check.
I'm using Hibernate. How can I update the login date-time (Last Login) in the database on successful login? I have a submit button on the login page whose POST request doesn't seem to map to a method in its corresponding login controller. The login form's action is actually mapped to the Servlet - j_spring_security_check.
如果需要,整个spring-security.xml文件如下.
The entire spring-security.xml file is as follows, if it is required.
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="www.springframework/schema/security" xmlns:beans="www.springframework/schema/beans" xmlns:xsi="www.w3/2001/XMLSchema-instance" xsi:schemaLocation="www.springframework/schema/beans www.springframework/schema/beans/spring-beans-3.2.xsd www.springframework/schema/security www.springframework/schema/security/spring-security-3.1.xsd"> <http pattern="/Login.htm*" security="none"></http> <http auto-config='true'> <!--<remember-me key="myAppKey"/>--> <session-management session-fixation-protection="newSession"> <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" /> </session-management> <intercept-url pattern="/admin_side/**" access="ROLE_ADMIN" requires-channel="any"/> <form-login login-page="/" default-target-url="/admin_side/Home.htm" authentication-failure-url="/LoginFailed.htm" authentication-success-handler-ref="loginSuccessHandler"/> <logout logout-success-url="/Login.htm" invalidate-session="true" delete-cookies="JSESSIONID"/> </http> <authentication-manager> <authentication-provider> <jdbc-user-service data-source-ref="dataSource" users-by-username-query="select email_id, password, enabled from user_table where lower(email_id)=lower(?)" authorities-by-username-query="select ut.email_id, ur.authority from user_table ut, user_roles ur where ut.user_id=ur.user_id and lower(ut.email_id)=lower(?)"/> </authentication-provider> </authentication-manager> <beans:bean id="loginSuccessHandler" class="loginsuccesshandler.LoginSuccessHandler"/> <global-method-security> <protect-pointcut expression="execution(* dao.*.*(..))" access="ROLE_ADMIN"/> </global-method-security> <!--<global-method-security secured-annotations="enabled" />--> </beans:beans>推荐答案
另一种方法是为 AuthenticationSuccessEvent .
An other way is to register an handler for the AuthenticationSuccessEvent.
@Service public class UserService implements ApplicationListener<AuthenticationSuccessEvent> { @Override public void onApplicationEvent(AuthenticationSuccessEvent event) { String userName = ((UserDetails) event.getAuthentication(). getPrincipal()).getUsername(); User user = this.userDao.findByLogin(userName); user.setLastLoginDate(new Date()); } }更多推荐
使用Spring Security成功登录后如何正确更新登录日期时间?
发布评论