Commit 9e3f5da5 authored by Matija Obreza's avatar Matija Obreza

Lockout fixes

parent 1d878153
......@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
*/
@Component
public class AuthenticationFailureBadCredentialsListener implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> {
private final Logger _log = LoggerFactory.getLogger(getClass());
private static final Logger LOG = LoggerFactory.getLogger(AuthenticationFailureBadCredentialsListener.class);
@Autowired
private AccountLockoutManager lockoutManager;
......@@ -43,7 +43,7 @@ public class AuthenticationFailureBadCredentialsListener implements ApplicationL
if (details != null && details instanceof WebAuthenticationDetails) {
final WebAuthenticationDetails wad = (WebAuthenticationDetails) details;
// This can be picked up by fail2ban http://www.fail2ban.org/
_log.warn("Failed login attempt for username={} from IP={}", userName, wad.getRemoteAddress());
LOG.warn("Failed login attempt for username={} from IP={}", userName, wad.getRemoteAddress());
}
lockoutManager.handleFailedLogin(userName);
......
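Review bot: The `userName` passed to `LOG.warn("Failed login attempt for username={} from IP={}", ...)` comes from the login request and is written unmodified into a line that, per the comment above it, fail2ban is expected to parse. If the logging layout does not neutralise CR/LF (the configuration is not visible here), a username containing line breaks could produce misleading extra log entries and distort both fail2ban's decisions and the audit trail. I would sanitise the value before logging, for example `final String safeName = userName == null ? null : userName.replaceAll("[\\r\\n]", "_");`, or configure the appender to escape line breaks. The enclosing method starts and ends outside the visible hunk.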
......@@ -15,12 +15,13 @@
*/
package org.genesys.blocks.security.lockout;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.genesys.blocks.security.model.BasicUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.stereotype.Component;
......@@ -31,7 +32,7 @@ import org.springframework.stereotype.Component;
*/
@Component
public class AuthenticationSuccessListener implements ApplicationListener<AuthenticationSuccessEvent> {
private final Log _log = LogFactory.getLog(getClass());
private static final Logger LOG = LoggerFactory.getLogger(AuthenticationSuccessListener.class);
@Autowired
private AccountLockoutManager lockoutManager;
......@@ -41,17 +42,19 @@ public class AuthenticationSuccessListener implements ApplicationListener<Authen
final Object principal = event.getAuthentication().getPrincipal();
String userName = null;
if (principal instanceof User) {
userName = ((User) principal).getUsername();
} else if (principal instanceof org.springframework.security.core.userdetails.User) {
userName = ((org.springframework.security.core.userdetails.User) principal).getUsername();
if (principal instanceof BasicUser<?>) {
userName = ((BasicUser<?>) principal).getUsername();
} else if (principal instanceof UserDetails) {
userName = ((UserDetails) principal).getUsername();
}
LOG.warn("successful lofin for username={} princ={}", userName, principal);
final Object details = event.getAuthentication().getDetails();
if (details != null && details instanceof WebAuthenticationDetails) {
final WebAuthenticationDetails wad = (WebAuthenticationDetails) details;
// This can be picked up by fail2ban http://www.fail2ban.org/
_log.info("Successful login attempt for username=" + userName + " from IP=" + wad.getRemoteAddress());
LOG.info("Successful login attempt for username={} from IP={}", userName, wad.getRemoteAddress());
}
lockoutManager.handleSuccessfulLogin(userName);
......
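Review bot: The added `LOG.warn("successful lofin for username={} princ={}", userName, principal)` looks like a leftover debug statement: it reports a successful login at WARN, misspells "login", and writes `principal.toString()` into the log, which may expose account fields depending on how `BasicUser` implements `toString()` (not visible here). The `LOG.info` a few lines below already records the username and IP, so I would drop this line or reduce it to `LOG.debug("Successful login for username={}", userName);`. Separately, `userName` stays null when the principal matches neither `instanceof` branch and is still passed to `lockoutManager.handleSuccessfulLogin(userName)`; a guard, or a comment stating that null is acceptable there, would help. The method body starts and ends outside the visible hunk.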