Comments on: Spring (Acegi) Security Account Lockout http://www.harinair.com/2010/02/spring-acegi-security-account-lockout/ From the desk of a gadget lover Wed, 25 Aug 2010 18:40:34 -0500 http://wordpress.org/?v=2.8.4 hourly 1 By: Hari Gangadharan http://www.harinair.com/2010/02/spring-acegi-security-account-lockout/comment-page-1/#comment-547 Hari Gangadharan Wed, 25 Aug 2010 18:40:34 +0000 http://www.harinair.com/?p=167#comment-547 @Michel Interesting. Normally it should throw a LockedException. @Michel
Interesting. Normally it should throw a LockedException.

]]> By: Tomek http://www.harinair.com/2010/02/spring-acegi-security-account-lockout/comment-page-1/#comment-546 Tomek Wed, 25 Aug 2010 13:48:44 +0000 http://www.harinair.com/?p=167#comment-546 ..... but as of Spring 3.0, new ApplicationListener can be declared and registered in AppContext to automatically filter events of exact type ….. but as of Spring 3.0, new ApplicationListener can be declared and registered in AppContext to automatically filter events of exact type

]]> By: Tomek http://www.harinair.com/2010/02/spring-acegi-security-account-lockout/comment-page-1/#comment-545 Tomek Wed, 25 Aug 2010 13:32:49 +0000 http://www.harinair.com/?p=167#comment-545 Good job :) Good job :)

]]> By: Michel http://www.harinair.com/2010/02/spring-acegi-security-account-lockout/comment-page-1/#comment-542 Michel Wed, 21 Jul 2010 11:56:26 +0000 http://www.harinair.com/?p=167#comment-542 @Hari Gangadharan Great explanation and examples. I implemented your good and get it to work without the autowire and a couple of adjustments. Now After 3 wrong login attempts spring change the value of accountNonlocked from 1 to 0 and failedLoginAttempts stand on 3. I think this is correct. But when I filled in a good Login, the user isn't blocked. The LoginSuccessEventlistener don't even come in the function isAccountNonLocked() so he never checked if the account is locked. I use Spring 2.5.6 en Spring-security 2.0 Do you have some experience with this? seems like a bug to me.... @Hari Gangadharan

Great explanation and examples. I implemented your good and get it to work without the autowire and a couple of adjustments.

Now After 3 wrong login attempts spring change the value of accountNonlocked from 1 to 0 and failedLoginAttempts stand on 3. I think this is correct. But when I filled in a good Login, the user isn’t blocked. The LoginSuccessEventlistener don’t even come in the function isAccountNonLocked() so he never checked if the account is locked.

I use Spring 2.5.6 en Spring-security 2.0 Do you have some experience with this? seems like a bug to me….

]]> By: Hari Gangadharan http://www.harinair.com/2010/02/spring-acegi-security-account-lockout/comment-page-1/#comment-522 Hari Gangadharan Thu, 01 Jul 2010 07:15:57 +0000 http://www.harinair.com/?p=167#comment-522 @Chalapathi: It is been years since I have coded context xml. Even in the days when the annotations were not there we used fake annotations in comments and used xdoclets to generate the context xml. First, you have to add all the Java classes without the annotations. Then find all classes that had @Component Annotation and define them in context xml (find the file with all these bean definitions): instead of @Component("eventDispatcher") you have to do the bean definition in the context xml: <bean id="eventDispatcher" class="your.package.EventDispatcher" /> For beans that have attributes with @Autowired, you have to define property injection in the bean definition - example: <bean id="loginFailureEventListener" class="your.package.LoginFailureEventListener" > <property name="userManager" ref="yourUserServiceBeanId" /> (You have to also add the @Autowired properties of the parent too - parent of this bean is EventListener and that has @Autowired for eventDispatcher attribute) <property name="eventDispatcher" ref="eventDispatcher" /> <bean > Hope this helps. @Chalapathi: It is been years since I have coded context xml. Even in the days when the annotations were not there we used fake annotations in comments and used xdoclets to generate the context xml. First, you have to add all the Java classes without the annotations. Then find all classes that had @Component Annotation and define them in context xml (find the file with all these bean definitions):
instead of @Component(”eventDispatcher”) you have to do the bean definition in the context xml:
<bean id=”eventDispatcher” class=”your.package.EventDispatcher” />

For beans that have attributes with @Autowired, you have to define property injection in the bean definition – example:
<bean id=”loginFailureEventListener” class=”your.package.LoginFailureEventListener” >
<property name=”userManager” ref=”yourUserServiceBeanId” />
(You have to also add the @Autowired properties of the parent too – parent of this bean is EventListener and that has @Autowired for eventDispatcher attribute)
<property name=”eventDispatcher” ref=”eventDispatcher” />
<bean >

Hope this helps.

]]> By: Chalapathi http://www.harinair.com/2010/02/spring-acegi-security-account-lockout/comment-page-1/#comment-520 Chalapathi Mon, 28 Jun 2010 11:29:20 +0000 http://www.harinair.com/?p=167#comment-520 Hi Gangadhar, Your post is very very helpful and very well explained also. I have just started working on acegi security. I'm working on an existing solution which is built on acegi-security 1.0.3. Also I'm new to Spring. My application is a web application which has a acegi-security.xml defined and placed in the WEB-INF folder. Can you please let me know how to add the above listeners in the above mentioned xml without using annotations and autowiring. Your inputs are highly appreciated. Thanks and regards, Chalapathi Hi Gangadhar,
Your post is very very helpful and very well explained also.
I have just started working on acegi security. I’m working on an existing solution which is built on acegi-security 1.0.3.
Also I’m new to Spring.

My application is a web application which has a acegi-security.xml defined and placed in the WEB-INF folder.
Can you please let me know how to add the above listeners in the above mentioned xml without using annotations and autowiring.
Your inputs are highly appreciated.

Thanks and regards,
Chalapathi

]]> By: Hari Gangadharan http://www.harinair.com/2010/02/spring-acegi-security-account-lockout/comment-page-1/#comment-513 Hari Gangadharan Wed, 02 Jun 2010 04:27:16 +0000 http://www.harinair.com/?p=167#comment-513 I use annotations to register the Spring beans. If you don't use annotations, you may have to define these beans in spring context XML. No separate registration of listeners is needed. It is all auto-wired and initialized by Spring... And Spring automatically registers the ApplicationEventListener since it implements ApplicationListener interface. I use annotations to register the Spring beans. If you don’t use annotations, you may have to define these beans in spring context XML. No separate registration of listeners is needed. It is all auto-wired and initialized by Spring… And Spring automatically registers the ApplicationEventListener since it implements ApplicationListener interface.

]]> By: User http://www.harinair.com/2010/02/spring-acegi-security-account-lockout/comment-page-1/#comment-509 User Fri, 23 Apr 2010 18:43:11 +0000 http://www.harinair.com/?p=167#comment-509 Hi. Thanks for posting a solution to implement the custom listener. The question is where do I register these listeners? Reply is appreciated. Thanks. Hi.
Thanks for posting a solution to implement the custom listener. The question is where do I register these listeners? Reply is appreciated.

Thanks.

]]>