Spring security: adding "On successful login event listener"

Question

You need to define a Spring Bean which implements ApplicationListener.

Then, in your code, do something like this:

public void onApplicationEvent(ApplicationEvent appEvent)
{
    if (appEvent instanceof AuthenticationSuccessEvent)
    {
        AuthenticationSuccessEvent event = (AuthenticationSuccessEvent) appEvent;
        UserDetails userDetails = (UserDetails) event.getAuthentication().getPrincipal();

        // ....
    }
}

Then, in your applicationContext.xml file, just define that bean and it will automatically start receiving events :)

The problem with AuthenticationSuccessEvent is it doesn't get published on remember-me login. If you're using remember-me authentication use InteractiveAuthenticationSuccessEvent instead, it works for normal login as well as for remember-me login.

@Component
public class LoginListener implements ApplicationListener<InteractiveAuthenticationSuccessEvent> {

    @Override
    public void onApplicationEvent(InteractiveAuthenticationSuccessEvent event)
    {
        UserDetails userDetails = (UserDetails) event.getAuthentication().getPrincipal();
        // ...
    }
}

Similar to Phill's answer, but modified to take Generics into consideration:

public class AuthenticationListener implements ApplicationListener<AuthenticationSuccessEvent> {

  @Override
  public void onApplicationEvent(final AuthenticationSuccessEvent event) {

      // ...

  }

}

In Grails, with Spring Security Plugin, you can do this in Config.groovy:

grails.plugins.springsecurity.useSecurityEventListener = true

grails.plugins.springsecurity.onAuthenticationSuccessEvent = { e, appCtx ->

        def session = SecurityRequestHolder.request.getSession(false)
        session.myVar = true

}