Get username on failed login on Grails 2.5.5 w/ Spring Security

Question

I need to capture the username on failed login attempts to do analysis to detect attacks and users that might have issues logging in my app.

On a filter for all controllers and actions, I create a log using a domain class ActivityLog where all the request / params data is stored for each request. When I try to get the username on actions coming from the login controller, the username is not on the params, nor j_username.

How can I get the username used on the failed login from the filter?

The params look like: [login_error:1, action:auth, controller:login]

I tried to get the info from the GrailsAnonymousAuthenticationToken, but the username is grails.anonymous.user

Answer 1

The short answer is you can't get that information in your filter.

The long answer is to use the eventing that is built into the spring security core plugin for Grails to react to failed authentication events.

Here is an example for a Grails 2.4.x application

// Config.groovy
grails.plugin.springsecurity.apf.storeLastUsername = true // this is now needed with updated version of spring security
grails.plugin.springsecurity.useSecurityEventListener = true
grails.plugin.springsecurity.onInteractiveAuthenticationSuccessEvent = { e, appCtx ->
    // Successful login stuff in here

}
grails.plugin.springsecurity.onAbstractAuthenticationFailureEvent = { e, appCtx ->
  // Failed login stuff in here
  // e.getAuthentication().getPrincipal() contains the principal object
}