Spring Security Persist login actions in database

Hello, I suggest that you offer a functionality that persists login actions in DB, for example table LoginDetails(username,lastConnectionDate). Once the user logs in, a row will be inserted in this table with the corresponding data. I am available to give more information about this if needed.

Thanks;

Comment From: jzheaux

Thanks for the suggestion, @mazenaissa.

Auditing requirements vary widely across companies, making it quite tricky to offer something like this at the framework level.

Spring Security ships with several events, though, that you can subscribe to, including AuthenticationSuccessEvent and various AbstractAuthenticationFailureEvent implementations.

For example, you can do:

@Component
public class LoginDetailAuditor {
    @Autowired
    LoginDetailRepository loginDetails;

    @EventListener
    public void onAuthenticationSuccess(AuthenticationSuccessEvent event) {
        Authentication authentication = event.getAuthentication();
        LoginDetail detail = convertAuthenticationToDetail(authentication);
        this.loginDetails.save(detail);
    }
}

If there's a well-accepted library that offers robust auditing support, then it could be reasonable for Spring Security to integrate with it, or if there's a widely-accepted security auditing standard. In the absence of those, it would be hard for Spring Security to be successful at this kind of initiative.

Comment From: mazenaissa

Hello @jzheaux Thanks for your answer and i've already implemented my auditing feature with a solution similar to your example. Thanks,