Summary

I recently upgraded spring-security to 5.2.0.RELEASE so I could take advantage of the new LogoutSuccessEvent. After the upgrade I am now receiving the LogoutSuccessEvent using an @EventListener, but I no longer receive AuthenticationFailureBadCredentialsEvent events, which were triggered if a bad password was entered on login prior to upgrading spring-security. There are no events triggered for a bad password that I can listen for since upgrading to spring-security 5.2.0.RELEASE.

Actual Behavior

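  1. Set up event listener for AuthenticationFailureBadCredentialsEvent, e.g.

         import org.springframework.context.event.EventListener;
         import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
         import org.springframework.stereotype.Component;

         @Component
         public class AuditListener {
             // Invoked when a login attempt fails because of bad credentials.
             @EventListener
             public void authenticationFailed(AuthenticationFailureBadCredentialsEvent event) {
                 System.out.println("AuthenticationFailureBadCredentialsEvent event triggered");
             }
         }

  2. Build and run application
  3. Attempt to log in to application with bad password
  4. No log of AuthenticationFailureBadCredentialsEvent event is captured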

Expected Behavior

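  1. Set up event listener for AuthenticationFailureBadCredentialsEvent, e.g.

         import org.springframework.context.event.EventListener;
         import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
         import org.springframework.stereotype.Component;

         @Component
         public class AuditListener {
             // Invoked when a login attempt fails because of bad credentials.
             @EventListener
             public void authenticationFailed(AuthenticationFailureBadCredentialsEvent event) {
                 System.out.println("AuthenticationFailureBadCredentialsEvent event triggered");
             }
         }

  2. Build and run application
  3. Attempt to log in to application with bad password
  4. Log of AuthenticationFailureBadCredentialsEvent event is captured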

Configuration

    spring-boot.version=2.1.1.RELEASE
    spring-security.version=5.2.0.RELEASE
    spring-ldap-core.version=2.3.2.RELEASE

Version

Using spring-security version 5.2.0.RELEASE. Expected behaviour occurs in spring-security version 5.1.2.RELEASE.

Sample

Comment From: eleftherias

Thanks for reaching out @mbeldman. I tried this out on the latest Spring Security 5.2.x release (5.2.10.RELEASE) and saw the events triggered successfully. Please let me know if you are still having issues.