ApplicationEventListener.java

package fr.mcc.ginco.security;

import javax.inject.Inject;
import javax.inject.Named;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;


public class ApplicationEventListener implements ApplicationListener<ApplicationEvent> {

	private Logger logger = LoggerFactory.getLogger(ApplicationEventListener.class);

	@Inject
	@Named("lockoutService")
	private LockoutService lockoutService;


	private void handleFailureEvent(String username, long timestamp) {
		if (!lockoutService.isLockedOut(username)) {
			lockoutService.notifyLoginFailure(username, timestamp);
		} else {
			logger.warn("Account " + username + " is locked...");
		}
	}

	private void registerSuccessLogin(String username) {
		this.lockoutService.notifyLoginSuccess(username);
	}

	@Override
	public void onApplicationEvent(ApplicationEvent event) {
		if (event instanceof AuthenticationSuccessEvent) {
			registerSuccessLogin(((AbstractAuthenticationEvent) event).getAuthentication().getName());
		}
		if (event instanceof AbstractAuthenticationFailureEvent) {
			String username = ((AbstractAuthenticationFailureEvent) event).getAuthentication().getName();
			String cause = ((AbstractAuthenticationFailureEvent) event).getException().toString();
			logger.warn("Failed authentication for user '" + username + " caused by " + cause);
			if (event instanceof AuthenticationFailureBadCredentialsEvent) {
				this.handleFailureEvent(username, event.getTimestamp());
			}
		}
	}

}