How can I get the username from a failed login using spring security?
You could instead supply your own version of DefaultAuthenticationEventPublisher and override the publishAuthenticationFailure method.
I did it this way:
Created a class that extends
SimpleUrlAuthenticationFailureHandler
Overrid the
onAuthenticationFailure
method, which receives anHttpServletRequest
as a parameter.request.getParameter("username")
, where"username"
is the name of my input in my HTML form.
Okay so the answer turned out to be something extremely simple yet as far as I can tell, not greatly discussed or documented.
Here's all I had to do (no configurations anywhere just created this class)...
import org.apache.log4j.Logger;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.stereotype.Component;
@Component
public class MyApplicationListener implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> {
private static final Logger LOG = Logger.getLogger(MyApplicationListener.class);
@Override
public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent event) {
Object userName = event.getAuthentication().getPrincipal();
Object credentials = event.getAuthentication().getCredentials();
LOG.debug("Failed login using USERNAME [" + userName + "]");
LOG.debug("Failed login using PASSWORD [" + credentials + "]");
}
}
I'm far from a spring security expert so if anyone reads this and knows of a reason we shouldn't do it like this or knows a better way I'd love to hear about it.