We are using OKTA for Oauth2 token based authentication. Below are steps to make connection.
application.properties:
oktaOrgUrl=https://averydennison.okta.com
okta.oauth2.issuer=https://averydennison.okta.com/oauth2/v1/authorize
okta.oauth2.redirect-uri=/implicit/callback
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().authorizeRequests().anyRequest().authenticated().and().oauth2ResourceServer().jwt();
}
}
Application works properly, but we had to track user login and logout events.
Written implementation classes of LogoutSuccessHandler for logout,
@Component
public class MyLogoutSuccessHandler implements LogoutSuccessHandler{
@Override
public void onLogoutSuccess(HttpServletRequest arg0, HttpServletResponse arg1, Authentication arg2) throws IOException, ServletException {
}
}
Configured login and logout event listener in WebSecurityConfig.java
http.cors().and().authorizeRequests().anyRequest().authenticated().and().oauth2Client().and().oauth2Login().and().logout().logoutSuccessHandler(logoutSuccessHandler());
Problem is that, login and logout event-listener is not working and not listening this event.