{"id":23541,"date":"2015-07-23T16:04:20","date_gmt":"2015-07-23T10:34:20","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=23541"},"modified":"2015-07-24T13:52:28","modified_gmt":"2015-07-24T08:22:28","slug":"override-login-and-logout-of-spring-security-in-grails","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/override-login-and-logout-of-spring-security-in-grails\/","title":{"rendered":"Override login and logout of Spring Security in Grails"},"content":{"rendered":"

What if our use case is to perform any custom task for login and logout while keeping the beauty of spring security intact.\u00a0My use case\u00a0was to make a third party SOAP API call to perform login\/logout sending user’s detail as parameter.<\/p>\n

Override Login<\/strong><\/p>\n

Write own Authentication Provider class that extends AbstractUserDetailsAuthenticationProvider<\/em> and override authenticate<\/em> method. For reference we can see AbstractUserDetailsAuthenticationProvider<\/em><\/a>.<\/p>\n

Next we need to :<\/p>\n

1. Create bean of our custom Authentication Provider. It can be done in Resources.groovy<\/em> by writing<\/p>\n

[java] beans = {
\n ….
\n customAuthenticationProvider(CustomAuthenticationProvider)
\n ….
\n } [\/java]<\/p>\n

2. Register bean of our custom AuthenticationProvider . It can be done in BootStrap.groovy<\/em> by writing :<\/p>\n

[java]
\ndef init {
\n …
\n SpringSecurityUtils.registerProvider("customAuthenticationProvider")
\n …
\n}[\/java]<\/p>\n

Override\u00a0Logout<\/strong><\/p>\n

We have come to know three ways to do this :<\/p>\n

1. In most of the cases, we can write our custom task in target (action of corresponding link i.e. Logout, for example ‘index’ action of ‘LogoutController’) then redirect flow to\u00a0j_spring_security_logout.<\/em><\/p>\n

2. Write own LogoutHandler class that extends LogoutHandler<\/em> and override logout<\/em> method. For reference we can see SecurityContextLogoutHandler<\/em><\/a>.<\/p>\n

Next we need to create bean and register same of our custom LogoutHandler as we did for our custom AuthenticationProvider. Do I need to say that this time we need to write “SpringSecurityUtils.registerLogoutHandler” instead of “SpringSecurityUtils.registerProvider”? \u00a0 :-P.<\/p>\n

3. If we need to be sure that we are making third party API call once Spring’s logout was completed successfully, we can write our own Session Timeout Listener. It can be done in two ways :<\/p>\n

a) Implementing HttpSessionListener<\/em> :<\/p>\n

[java] <\/p>\n

public class MySessionListener implements HttpSessionListener {
\n public void sessionDestroyed(HttpSessionEvent sessionEvent) {
\n \/* Do whatever we want *\/
\n }
\n}[\/java]<\/p>\n

To see this listener working, we need to add this listener in servlet context. To do this, In BootStrap.groovy, add<\/p>\n

[java] def init = { servletContext – >
\n servletContext.addListener(MySessionListener)
\n }[\/java]<\/p>\n

b) Implementing ApplicationListener<\/em> :<\/p>\n

[java]
\npublic class SessionTimeoutListener implements ApplicationListener<SessionDestroyedEvent> {
\n @Override
\n public void onApplicationEvent(SessionDestroyedEvent event) {
\n \/*Do whatever we want to do. For example, To get Username of logged out user, we can write next block of code*\/
\n SecurityContext lstSecurityContext = event.getSecurityContext();
\n UserDetails ud;
\n for (SecurityContext securityContext : lstSecurityContext) {
\n ud = (UserDetails) securityContext.getAuthentication().getPrincipal();
\n System.out.println("Username of logged out user :" + ud.username)
\n }
\n }
\n } [\/java]<\/p>\n

To see it working, we just need to create it’s bean in Resources.groovy (As we did for CustomAuthenticationProvider and CustomLogoutHandler above).<\/p>\n

Hope this helps \ud83d\ude42 If it doesn’t then let us help you with your use case. Comment your use case below.<\/p>\n","protected":false},"excerpt":{"rendered":"

What if our use case is to perform any custom task for login and logout while keeping the beauty of spring security intact.\u00a0My use case\u00a0was to make a third party SOAP API call to perform login\/logout sending user’s detail as parameter. Override Login Write own Authentication Provider class that extends AbstractUserDetailsAuthenticationProvider and override authenticate method. […]<\/p>\n","protected":false},"author":230,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":54},"categories":[1],"tags":[2018,4840,672],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/23541"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/230"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=23541"}],"version-history":[{"count":0,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/23541\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=23541"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=23541"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=23541"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}