Login Detection with Spring Security

Spring Security is an authentication and access-control framework for Spring-based Java applications.

tCell's automatic Spring instrumentation for login detection requires the following Spring Security class objects:

See Redirect to Different Pages for a common use case for these handlers.

However, the Spring Security default configuration doesn't register these handlers, and a custom authentication endpoint implementation must call these handlers explicitly. Consequently, a user may set up Spring Security in their app, and install a Java agent, but fail to see login events because the handlers aren't configured. Consider the following ways to enable login detection:

In summary, tCell's automatic Spring instrumentation for login detection works when you’ve already configured AuthenticationSuccessHandler and AuthenticationFailureHandler as part of your app’s Spring Security configuration. Otherwise, your best approach is to use login hooks. See the Java login hooks documentation for more information.