You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Mar 31, 2022. It is now read-only.
BeforeAuthenticationEvent and BeforeLoginEvent - useful hook to prevent logging in before asking providers.
AfterAuthenticationEvent and AfterLoginEvent - These listeners are triggered for both positive and negative result. Not sure if they are useful. For preventing login with already loaded from DB user AuthenticationSuccessEvent can be used.
UserLoggedInEvent - reliably "successully logged in" event. Can be used for various reaction in business apps. The only analogue I see is io.jmix.sessions.events.JmixSessionCreatedEvent from jmix-sessions.
the standard spring security's way for pre/post authentication hooks are these methods:
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider#setPreAuthenticationChecks
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider#setPostAuthenticationChecks
So it looks like we need to provide a way of specifying preAuthenticationChecks / postAuthenticationChecks in a project without overriding the whole io.jmix.security.authentication.SecuredAuthenticationProvider.
The text was updated successfully, but these errors were encountered:
AuthenticationSuccessEvent. The event is fired after the user is successfully authenticated. Mapped to AuthenticationSuccessEvent
AuthenticationFailureEvent. The event is fired if the user authentication failed. Mapped to AbstractAuthenticationFailureEvent
BeforeLoginEvent/BeforeAuthenticationEvent. The event is fired before login/authentication procedure. No direct analogs. Use pre/post custom UserDetailsChecker that fires PreAuthenticationCheckEvent/PostAuthenticationCheckEvent events
AfterLoginEvent/AfterAuthenticationEvent. The event is fired after the user is logged in or login failed. No direct analogs.
UserLoggedInEvent. The event is published after the user is logged in and the user session is completely
initialized and stored in user sessions storage. No direct analogs. Use Spring Security InteractiveAuthenticationSuccessEvent that is fired from BackendUI/RememberMe service after authentication by login/password or remember me token. Fire the event when the user authenticates through REST.
CUBA had the following authentication-related hooks:
https://doc.cuba-platform.com/manual-7.2/login.html#login_events
https://www.cuba-platform.com/discuss/t/exception-in-service-when-invoked-from-authenticationeventlistener/13689/11
https://www.cuba-platform.com/discuss/t/timed-access-control-for-non-back-office-users/12812
https://www.cuba-platform.com/discuss/t/avoid-same-user-login-in-same-time-rest/4969/3
https://www.cuba-platform.com/discuss/t/set-custom-session-attribute-after-successful-login/7425
https://www.cuba-platform.com/discuss/t/access-groups-why-only-one-per-user/12329/29
Let's take a look what analogues we provide in Jmix.
No analogues in spring-security for:
According to https://stackoverflow.com/a/34298831/2032468, AuthenticationSuccessEvent doesn't always mean successful login.
Also as I see by Baeldung's example: https://www.baeldung.com/spring-security-restrict-authentication-by-geography
the standard spring security's way for pre/post authentication hooks are these methods:
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider#setPreAuthenticationChecks
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider#setPostAuthenticationChecks
So it looks like we need to provide a way of specifying preAuthenticationChecks / postAuthenticationChecks in a project without overriding the whole io.jmix.security.authentication.SecuredAuthenticationProvider.
The text was updated successfully, but these errors were encountered: