Monitor Platform access and spend time of the system in java

How can I implement following functionality in a project using or without using spr开发者_开发百科ing-security.

1. LoggedIn Count: Number of times the user has logged into the system.

2. Time Spend: Total time spent by user.

As of now, I have thought about the solution using javascript, in which one request will be sent to the server periodically. And inside the server it will increment the spendtime variable.

Still would like to know that, is there anything coming alongwith spring-security itself or not. Or any other idea to handle such functionality.

Any idea/suggestion would be highly appreciated...

I worked with those exactly same technologies in the past(just not SpringSecurity) and i did a similar thing, i think i can give you an idea of how you could do that. I think it will work:

1 To count the name of successful logins, you will need a variable in an entity. That variable needs to increase by one when the user successfully logs. I think the best time to increase that value is if the validation is correct and the access is granted(You could implement that in the validation method). So what you do is get the current value of the variable for that user using the Hibernate Query Language, add 1 and then update the row.

2 For this one i am not sure at 100% but you can give it a try: A variable in the User table called loginTime needs to exist as @ApplicationState.

Then in your logout function you will create a tempVariable that will hold the time(a long variable) at that current time. You will do a substract operation(logOutTime - logInTime) and you will get the time in milliseconds expend on that session. So just before erasing the session and loging out for real, just update a column in the DB for the user that is going to logout with the result.

Also i would like to mention that this 2 ideas might solve the problem using a programmatical approach, but i am sure that if you investigate about Spring Security, you might find the way of finding that info in some kind of logs or similar(Never used Spring Security before)

I hope i explained my self correctly. Good Luck

1) For the numer of logins the best way is to plug in to Spring Security using AuthenticationSuccessHandler, as @user395072 said and hold the result in user table in numOfSuccessfulLogins adding +1 on every successful login.

2) For the time spent on the site all You need is a session variable, lets'a call it $MY_TIME. Then on every request if $MY_TIME doesn't exist in session, you set it to the current date (i.e. System.currentTimeMillis()). If it does exist, than You take the current time and substract the $MY_TIME value and You have the time spent so far in current session. On the same request You need need to persist it. You can have a separete table for it adding a new record when You set the $MY_TIME to session and updating the newest one every other time. Or You can have 2 fields in user table: cumulativeTime and currentSessionTime, and You add update cumulativeTime += currentSessionTime and currentSessionTime = 0 when settin $MY_TIME to session, and on any other request update currentSessionTime = System.currentTimeMillis() - $MY_TIME.

There are many ways you can do this, it depends on the architecture that you are following.

you can use following

protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) {
        SecurityContextHolder.getContext().setAuthentication(authResult);
        if (this.eventPublisher != null) {
            eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
        }
    }

or

of using spring security

 <bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"
     p:sessionAuthenticationStrategy-ref="sas"
     p:authenticationManager-ref="authenticationManager"
    p:authenticationFailureHandler-ref="customAuthenticationFailureHandler"
    p:authenticationSuccessHandler-ref="customAuthenticationSuccessHandler"/>

or using any custom filters

Few more pointers which people generally use for user tracking/analysis

1. capturing the user agent with user information
2. capturing the login and logout / session expiry time
3. capturing the IP address
4. capturing the unsuccessful login attempts
5. capturing the session identifier with login

Once all this information is stored in a persistent store, they usually create a report / procedure on top of it to get all those information like how many users in a single day, or how many times a user have logged-in during a month or how long did he spent on the site during a month etc...