Should be able to set authenticationFailureHandler and authenticationSuccessHandler.

Right now this is not possible, so the only way to add these handlers is to define the X509 filter, wire in all the beans, etc. etc. (analogous to what X509Configurer.getFilter does) and then add the handler to the filter. This is too much boilerplate code which the configurer is otherwise hiding nicely.

We are trying to add a logging entry when authentication fails including the certificate and request details. The AuthenticationFailureHandler is the best place for it that I have found.

I looked around to fiddle with the order of the filters but adding a ResponseBodyLoggingFilter before security does log the request, but not the user. Adding it after security does not log a request with failed authentication.

Comment From: Darkvater

Actually one can use the AccessDeniedHandler but its functionality/purpose is not exactly the same.

Comment From: jzheaux

Thanks for the suggestion, @Darkvater. Have you already tried using the post-processor?

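```java
http.x509((x509) -> x509
    .withObjectPostProcessor(new ObjectPostProcessor<X509AuthenticationFilter>() {
        @Override
        public <O extends X509AuthenticationFilter> O postProcess(O filter) {
            // Attach the handler to the filter the configurer built
            filter.setAuthenticationSuccessHandler(...);
            // The post-processor must hand the (customized) filter back
            return filter;
        }
    })
);
```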

The nice thing about this solution is that you don't need to set up all the beans, etc. that you referred to in your description.

Comment From: Darkvater

> The nice thing about this solution is that you don't need to set up all the beans, etc. that you referred to in your description.

Ah, did not think of that. That's actually not a bad alternative solution. Not as simple as using the configurer - as you don't see it in the builder - but once you realize the post-processor option you can customize it as you want without going through all the trouble.

Comment From: jzheaux

Awesome, @Darkvater, I'm glad that worked for you. I'm going to close this ticket in favor of using the post-processor.
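
The post-processor approach applied to the original goal of logging failed certificate authentication, as an added example that is not code from this thread or from Spring Security itself. It assumes Spring Security 6 on Jakarta Servlet with SLF4J; `X509FailureLoggingConfig`, `logFailure` and `clean` are hypothetical names, and the import path of `ObjectPostProcessor` depends on the Spring Security version. The handler runs when the filter's authentication attempt throws an `AuthenticationException`.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.HexFormat;
import jakarta.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;

@Configuration
public class X509FailureLoggingConfig { // hypothetical class name
    private static final Logger log = LoggerFactory.getLogger(X509FailureLoggingConfig.class);

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.x509((x509) -> x509.withObjectPostProcessor(new ObjectPostProcessor<X509AuthenticationFilter>() {
            @Override
            public <O extends X509AuthenticationFilter> O postProcess(O filter) {
                filter.setAuthenticationFailureHandler((request, response, ex) -> logFailure(request, ex));
                return filter;
            }
        }));
        return http.build();
    }
    static void logFailure(HttpServletRequest request, AuthenticationException ex) {
        // Servlet containers expose the client certificate chain under this request attribute.
        Object attr = request.getAttribute("jakarta.servlet.request.X509Certificate");
        String subject = "none", sha256 = "none";
        if (attr instanceof X509Certificate[] chain && chain.length > 0) {
            subject = chain[0].getSubjectX500Principal().getName();
            try { // log a fingerprint instead of the whole certificate
                sha256 = HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded()));
            } catch (GeneralSecurityException e) {
                sha256 = "unavailable";
            }
        }
        log.warn("X.509 authentication failed: reason={} remote={} method={} uri={} subject={} sha256={}",
                clean(ex.getMessage()), request.getRemoteAddr(), clean(request.getMethod()),
                clean(request.getRequestURI()), clean(subject), sha256);
    }
    // Strip line breaks so request- or certificate-controlled values cannot forge log entries.
    static String clean(String value) {
        return value == null ? "" : value.replaceAll("[\\r\\n]", "_");
    }
}
```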