Spring Security Improve the BasicAuthenticationFilter to allow callbacks for both successful and failed authentication events.

Expected Behavior

Can customize and set callback method in BasicAuthenticationFilter. (Such as logging, saving audit log .. etc)

Current Behavior

Now, there are two empty protected method called onSuccessFulAuthentication, onUnsuccessfulAuthentication. I think it would be nice if I can customize the actions of these methods.

Context

I use Basic authentication for authentication in server-to-server communication within an private internal network. And I wish I could save the information of client for audit log. (Which client call which api how many times during specific period) For this reason, I looked into this BasicAuthenticaionFilter and I found those two empty methods.

So I wanna improve BasicAuthenticationFilter If youguys are ok with it.

Comment From: jzheaux

Thanks for your willingness to help, @pongdangx2.

Because BasicAuthenticationFilter already has those protected methods, I'd prefer to leave it as-is, when possible.

Given that you are wanting to write authentication details to your audit log, instead have you already tried listening for AuthenticationSuccessEvent and AbstractAuthenticationFailureEvent?

@Component
class AuthenticationAuditLogger {
    @EventListener
    void onSuccess(AuthenticationSuccessEvent success) { ... }

    @EventListener
    void onFailure(AbstractAuthenticationFailureEvent failure) { ... }
}

Comment From: pongdangx2

@jzheaux Thank you for feedback :) I'll try !!

Have a nice day.