I'm new to Symfony and PHP (previously worked with C++, Java) and I can't find any solution on how to log user login and logout actions to a database. I want those specific informations:
user who took the action (via userId),
action description (login or logout),
current timestamp.
I'm looking for the simplest possible solution. I managed to successfully log information on user login by modifying function rendering user login form, but I failed miserably when it comes to logout. I know it is a terrible idea after all, but I couldn't come up with any better one. Any suggestions? Thanks in advance.
If you have a look here, it says you can define a success handler and a failure handler which you use to log stuff to your database. You can also find the handler parameters defined in the reference documentation.
Login
You would first create a service which get's the security.context and entityManager as parameters and uses both to determine which user logged in. This service is then added to the success_handler parameter and therefor called after the user logs in.
Logout
This one is more tricky I guess, as I would assume that the security.context has no information about the user anymore and you cannot use it to determine which user is logging out. You may want to look into what the handlers parameter actually is. It might be a handler which is called while processing the logout, so you could use it. Of course you might log some logouts which fail because without the success handler you cannot be sure the logout was successfull. On the other hand, maybe you can get the session id from somewhere (again, security.context maybe) and log this instead.
Related
I authorized the group of a user to the cockpit-application. I gave the group full access to the Process Definition and Process Instance authorizations. (so pretty much as described in the documentation)
When I try to log the user in, I see the Welcome screen and in the application overview the option to navigate to the cockpit-application.
However, when I click this, I get the Login screen again.
For a fraction of a second I see the cockpit application, but then it immidiatly redirects to the login page. When I try to log in again, it keeps redirecting me to this login screen.
I configured another group to use the Tasklist application and that is working as expected.
I tried to give the authorization on user-level instead of group-level but the same problems occurs.
(n.b.: I am using the Spring-Camunda-Starter for this application.)
I found the problem, I accidentally removed one of the authorizations the system automatically creates when the user is created. I think I might have removed this, as I thought it was not necessary.
It is in the User Authorizations, every user has an authorization from it's own user to that user. When I added this, it fixed the problem.
I found the solution when another user logged in and had no problems. And the found this to be the only difference between the two accounts.
Hopefully this will help someone in the future!
I want to restrict user for multiple login at a same time. Am following custom authentication method from below link
https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/authentication-security/custom-authentication/
To achieve, I wanted know whether current login request is already logged in or not from some other device(session). Where or from which method am going get these details?
Please let me know how to get and return error custom message from this java file to adapter's calling method.
I don't believe any of the built-in APIs will provide what you are looking for.
Instead, I think you need to create your own implementation from scratch. Meaning, create some database to store the current status of each user. Update it every time, check the status whenever someone tries to login ...
I'm using Ember-Simple-Auth on an Ember-CLI project, and I'm also using the provided ember-simple-auth-devise authenticator that comes with 3.1. I'm able to login and logout successful, but I can't figure out where's the best place to put the callback (or when the promise resolves) upon successfully logging in. I want to be able to use the data returned by my API on my app after logging in. Any suggestions and advice would be highly appreciated! If requested, I can also provide code samples (although I figured it wasn't necessary since what I have implemented thus far is nothing custom).
Thanks!
When the session is authenticated successfully, the sessionAuthenticationSucceeded action is triggered (see http://ember-simple-auth.simplabs.com/ember-simple-auth-api-docs.html#Ember-SimpleAuth-ApplicationRouteMixin-sessionAuthenticationSucceeded, there are also more actions for other events). So that's a good place to react to the session becoming authenticated.
As the authenticator will set all values the server responds with as properties on the session you could also define additional properties that depend on these - see example here (where the account property depends on the accountId property that's read from the server response): https://github.com/simplabs/ember-simple-auth/blob/master/examples/4-authenticated-account.html#L101
Here is the scenario. I have two objects Users (with username/password) and UserInfo with rest of the data related to user. The Users is an old table with thousands of records and UserInfo is fairly new. I want to get as much UserInfo as I can when the user first logs in.
I'd like to force user to a custom screen after first login and ask for the UserInfo data. Once I get the "required" data in the new screen, I dont show it till the user voluntarily wants to fill in the data under "Profile".
Since there are multiple entry points to the application, I dont want to update all the controllers to check for this.
Is there a way I can use a Spring Security filter or something which is executed on successful login? I had a look at ApplicationListener<AuthenticationSuccessEvent> but it doesnt solve the problem as if I copy paste the link in the browser, it lets me go ahead to the destination without asking for "extra information".
In a nutshell, I want a check after each login which, if fails, user is not allowed to enter the application. No matter how he tries to get in.
In your Config.groovy, configure Spring Security's defaultTargetUrl and tell it to always redirect there:
grails.plugins.springsecurity.successHandler.alwaysUseDefault = true
grails.plugins.springsecurity.successHandler.defaultTargetUrl = '/userInfo/edit'
In your UserInfoController's edit action, you can check that the required fields are present (userInfo.validate() perhaps?) and if they are, redirect to wherever you like, perhaps '/', otherwise render the edit info view.
You can adopt what #doelleri proposed and enhance the rule by those steps:
run a batch task to assign a temporary ROLE_DISABLED role to each user who does not provide supplemental information yet. If the user already had some roles, save them in some property.
setup your authorization rule as that users with ROLE_DISABLED role only allowed to access /userInfo/edit.
in /userInfo/edit, if the user has a ROLE_DISABLED role, render the information input view, and resume user's role after it successfully updated its information. Otherwise redirect to '/' or the path it requested.
I've been working on a project to create an FDA part11-compliant e-signed document repository. The mandate is that it use Perforce to track the various revisions of the documents, utilize LDAP (AD) as the authentication/access directory, and re-authenticate the user at the point they submit a changelist.
The first two requirements are in place, but I am having trouble with the last one. I have a script at the "change-submit" trigger which logs out the user - assuming that this would force the client to re-authenticate the user before continuing with the process - but this does not work, at least for the command line client; the user is logged out but the process completes, and the next command attempt from the user is the one that gets denied.
Setting the script to handle the authentication process is not an option as it is run server-side and there is no way to pass a prompt through to the user.
I could of course pass authentication as command-line arguments to the script and then return non-0 to force the process to abort if the credentials are false, but I have not found a way to modify the commands sent for a given action by the p4v GUI, nor again to have the client prompt the user for authentication; and, this would result in the password being displayed as clear text consistently.
Setting the ticket timeout to an extremely short duration would definitely require the user to authenticate prior to submission, but also before any other action.
Has anyone out there dealt with something like this before, or does anyone see an angle of attack that I am missing? Thanks!
Thanks avp for your attempt to help, but my issue was not that the logout wasn't performed, but that the submit that triggered the logout script was concluded anyway.
I basically ended up setting up different groups, one which had all rights except write, and then a group for each authorized user which had write rights, but expired in 90 seconds. I then put all users in the non-write group, and then had a trigger set on login which parsed the password given to determine if it contained a request to join the group with write rights (which was set into a p4v script) and, if the remainder of the passed-in password was correct, assigned them to that group.
I've had it in production for a few months now with no issues.
Well, I have no idea why it did not work for your client, but you can try this:
remove the p4tickets.txt file or remove the necessary line in this file after you logged out.
(After I log out I can see that one line (the line for the client I logged out) is removed from the p4tickets.txt.
Each time I have any problems with logging in/out I remove this file and it helps.