Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

AuthenticationFailureBadCredentialsEvent published twice

See original GitHub issue

Summary

AuthenticationFailureBadCredentialsEvent gets published twice with due the fix of #6009, WebSecurityConfigurerAdapter.java:203.

Actual Behavior

If you create a ApplicationListener<AuthenticationFailureBadCredentialsEvent> and listen to AuthenticationFailureBadCredentialsEvent, you get notified twice when the users provides wrong credentials.

Expected Behavior

Same as AuthenticationSuccessEvent, the AuthenticationFailureBadCredentialsEvent should get published only once.

Configuration

Can be reproduced if you use spring-boot-samples/spring-boot-sample-web-secure-custom and add an ApplicationListener<AuthenticationFailureBadCredentialsEvent>.

Version

Spring Security 5.1.2.RELEASE

Sample

Take spring-boot-samples/spring-boot-sample-web-secure-custom and add an ApplicationListener<AuthenticationFailureBadCredentialsEvent>.

@Component
protected static class LoginAttemptAuthenticationFailureEventListener implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> {
	@Override
	public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent event) {
		System.out.println(event.toString());
	}
}

spring-boot-sample-web-secure-custom.zip

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Reactions:3
  • Comments:10 (7 by maintainers)

github_iconTop GitHub Comments

6reactions
martinwithaarcommented, Jan 23, 2019

I changed my springBootVersion from '2.1.1.RELEASE' to '2.1.2.RELEASE' and can confirm it solved my issue.

1reaction
jgrandjacommented, Dec 19, 2018

@mptardy

if this is a bug, would it be possible to fix i in a 5.1.x update?

Yes, it will be back patched to 5.1.x and 5.0.x

Read more comments on GitHub >

github_iconTop Results From Across the Web

AuthenticationFailureCredentials...
I have tested the AuthenticationFailureBadCredentialsEvent which works fine. This is what I get in event for bad credentials: (which is working ...
Read more >
Spring Security Reference
Spring Security is Open Source software released under the Apache 2.0 license. ... it is published as an AuthenticationFailureBadCredentialsEvent , which ...
Read more >
Spring Security Core Plugin - Reference Documentation
If true , creates an authenticated UsernamePasswordAuthenticationToken to avoid loading the user from the database twice. However, this process ...
Read more >
Open Source Used In Industrial Network Director Software 1.9.0
products derived from this software without specific prior written permission. ... /authentication/event/AuthenticationFailureBadCredentialsEvent.java.
Read more >
User account is locked Spring security ...
AuthenticationFailureBadCredentialsEvent gets published twice with due the fix of #6009, WebSecurityConfigurerAdapter.java:203. Actual Behavior.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Spring security 5.1.x override dependency com.nimbusds:oauth2-oidc-sdk version.

Next page

How to Map Roles using OIDC on Reactive Stack