Login Detection with Spring Security
Spring Security is an authentication and access-control framework for Spring-based Java applications.
tCell's automatic Spring instrumentation for login detection requires the following Spring Security class objects:
- AuthenticationSuccessHandler
- AuthenticationFailureHandler
See Redirect to Different Pages for a common use case for these handlers.
However, the Spring Security default configuration doesn't register these handlers, and a custom authentication endpoint implementation must call these handlers explicitly. Consequently, a user may set up Spring Security in their app and install a Java agent, yet see no login events because the handlers aren't configured. Consider the following ways to enable login detection:
- Configure the handlers. This approach requires changing your app authentication to support tCell. See Spring Security – Customize Authentication Success Handler and Spring Security Authentication Success Handler Examples for some examples of customizing AuthenticationSuccessHandler for Spring Security web applications.
- Use login hooks to explicitly invoke the tCell login hook API in your app when a user is authenticated. Because authentication configuration can vary significantly between apps, you determine where to invoke the API. Usually the best place is directly after a successful or unsuccessful authentication.
In summary, tCell's automatic Spring instrumentation for login detection works when you’ve already configured AuthenticationSuccessHandler and AuthenticationFailureHandler as part of your app’s Spring Security configuration. Otherwise, your best approach is to use login hooks. See the Java login hooks documentation for more information.
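The first option above (configuring the handlers) can look like the following. This is an added example, not code from tCell or from the linked articles. It assumes Spring Security 6.x with form login; the class name and the `/home` and `/login?error` URLs are placeholders.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

// Hypothetical configuration class: registers both handlers explicitly so
// that every form-login outcome passes through an AuthenticationSuccessHandler
// or an AuthenticationFailureHandler.
@Configuration
@EnableWebSecurity
public class LoginHandlerConfig {

    @Bean
    public AuthenticationSuccessHandler loginSuccessHandler() {
        // Redirects to the originally requested page, or to the default target.
        SavedRequestAwareAuthenticationSuccessHandler handler =
                new SavedRequestAwareAuthenticationSuccessHandler();
        handler.setDefaultTargetUrl("/home"); // placeholder URL
        return handler;
    }

    @Bean
    public AuthenticationFailureHandler loginFailureHandler() {
        // Sends failed logins back to the login page (placeholder URL).
        return new SimpleUrlAuthenticationFailureHandler("/login?error");
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(form -> form
                // Explicit registration of both handlers.
                .successHandler(loginSuccessHandler())
                .failureHandler(loginFailureHandler())
                .permitAll());
        return http.build();
    }
}
```

A custom authentication endpoint that bypasses `formLogin` does not go through this registration and still has to invoke the handlers itself, or use login hooks.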