
I'm using Spring Security and AspectJ to log the application's behavior. I need to capture a successful login and log it. My Spring Security configuration:

<security:http auto-config="true" authentication-manager-ref="authenticationManager" use-expressions="true">
    <security:intercept-url pattern="/login" access="permitAll"/>
    <security:intercept-url pattern="/loginFailed" access="permitAll"/>
    <security:intercept-url pattern="/viewUserAccounts" access="hasRole('ROLE_ANTANI')" />
    <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
    <security:custom-filter ref="ajaxTimeoutRedirectFilter" after="EXCEPTION_TRANSLATION_FILTER"/>
    <security:form-login
    login-page="/login"
    authentication-failure-url="/loginFailed"
    login-processing-url="/loginAttempt"
    password-parameter="password"
    username-parameter="username"
    />
</security:http>

How can I define the right pointcut?

lschin
matteosilv
  • Use the **[AuthenticationSuccessHandler](http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/web/authentication/AuthenticationSuccessHandler.html)** instead. See answer http://stackoverflow.com/a/6770785/227804 – lschin Apr 24 '13 at 09:50
  • Already done that way, however we want to try using aspectj to log – matteosilv Apr 24 '13 at 10:54

1 Answer


Here's a solution to grab the results from the AuthenticationManager.

The context part (a simplified version of what you have):

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">

    <security:http auto-config="true">
        <security:intercept-url pattern="/**" access="ROLE_USER"/>
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="test" password="test" authorities="ROLE_USER"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

    <aop:aspectj-autoproxy proxy-target-class="true"/>

    <bean class="de.incompleteco.spring.aspect.AuthenticationManagerAspect"/>
</beans>

And the pointcut:

package de.incompleteco.spring.aspect;

import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.AfterReturning;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.security.core.Authentication;

@Aspect
public class AuthenticationManagerAspect {

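    // Runs only when authenticate(..) returns normally, i.e. the login succeeded;
    // "result" is the populated Authentication returned by the manager.
    @AfterReturning(pointcut="execution(* org.springframework.security.authentication.AuthenticationManager.authenticate(..))"
            ,returning="result")
    public void after(JoinPoint joinPoint,Object result) throws Throwable {
        System.out.println(">>> user: " + ((Authentication) result).getName());
    }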

}

This will allow you to access the Authentication object after it's come back from the AuthenticationManager.

incomplete-co.de
  • It is compiling fine, but unfortunately does not print out anything. Thanks anyway – matteosilv Apr 24 '13 at 09:49
  • Finally got it working!! Thanks. However, it is printing out the message two times, so I used instead: @After("execution(* org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler.onAuthenticationSuccess(..))") public void authenticated() { System.out.println("User " + SecurityContextHolder.getContext().getAuthentication().getName() + " succesfully logged in."); } – matteosilv Apr 24 '13 at 14:45
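
An added example, not part of the original answer or comments: a variant of the answer's aspect on the same `AuthenticationManager.authenticate(..)` join point that records failed attempts as well as successful ones and replaces control characters in the user-supplied name before it reaches the log. The package, class, logger name and `sanitize` helper are assumptions made for illustration; the aspect is registered as a bean the same way as the one in the answer.

```java
package example.audit; // hypothetical package name

import java.util.logging.Logger;
import org.aspectj.lang.annotation.AfterReturning;
import org.aspectj.lang.annotation.AfterThrowing;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

@Aspect
public class LoginAuditAspect { // hypothetical class name

    private static final Logger LOG = Logger.getLogger("security.audit");
    private static final int MAX_NAME_LENGTH = 64; // assumed cap for logged names

    // Same join point as the answer, with the submitted token bound as "request".
    @Pointcut(value = "execution(* org.springframework.security.authentication"
            + ".AuthenticationManager.authenticate(..)) && args(request)",
            argNames = "request")
    public void authenticate(Authentication request) { }

    @AfterReturning(pointcut = "authenticate(request)", returning = "result",
            argNames = "request,result")
    public void onSuccess(Authentication request, Authentication result) {
        if (result != null && result.isAuthenticated()) {
            LOG.info("login success user=\"" + sanitize(result.getName()) + "\"");
        }
    }

    @AfterThrowing(pointcut = "authenticate(request)", throwing = "ex",
            argNames = "request,ex")
    public void onFailure(Authentication request, AuthenticationException ex) {
        // Record the attempted name and exception type only, never getCredentials().
        LOG.warning("login failure user=\"" + sanitize(request.getName())
                + "\" reason=" + ex.getClass().getSimpleName());
    }

    // Replace control characters (CR/LF included) and quotes so a crafted
    // username cannot forge extra log lines or break out of the quoted field.
    static String sanitize(String name) {
        if (name == null) return "<null>";
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < name.length() && i < MAX_NAME_LENGTH; i++) {
            char c = name.charAt(i);
            out.append(Character.isISOControl(c) || c == '"' ? '_' : c);
        }
        return out.toString();
    }
}
```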