Recording logins with Spring Security

Question

I want to log every login in my web application. I was able to access the logins which take place through UsernamePasswordAuthenticationFilter but I don\'t know

Answer 1

The best way of logging authentication success and failures is to use a Spring ApplicationListener.

Spring Security publishes various events for authentication success and failure which you can listen for. Events are also published when access is denied to a resource.

You can look at LoggerListener as an example. Start by adding one of those to your application context and it will automatically log authentication events at warn level.

Regarding remember-me logins, if you logout and then access the site immediately afterwards, and are re-authenticated using a remember-me cookie, then technically that is the same as any other remember-me authentication, so there's not much you can do about it.

However, if your logout success URL is passing through the remember-me filter, and that is how the new session is being created (without any additional action from the user), then simply omit it that page from the security filter chain.