Using Spring boot - After successfully authenticating with GitHub OAuth, the Audit listener is not being triggered.

public class AuthenticationListener implements ApplicationListener<InteractiveAuthenticationSuccessEvent> {

@Override
public void onApplicationEvent(final InteractiveAuthenticationSuccessEvent event) {
       System.out.println("+++++++ ================ ------------");
   }

}

Do I need to register it anywhere else? I have tried as suggested else where on Stackoverflow to create a @Bean, but this made no difference.

Full code https://github.com/DashboardHub/PipelineDashboard/tree/feature/178-login-github

Update

SecurityConfig class

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
OAuth2ClientContext oauth2ClientContext;

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/**")
        .authorizeRequests()
            .antMatchers("/", "/login**", "/webjars/**").permitAll()
            .anyRequest().authenticated()
        .and()
            .formLogin()
            .loginPage("/login")//.failureUrl("/login?error")
            .permitAll()
        .and().logout().logoutSuccessUrl("/").permitAll()
        .and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class)
    ;
}

@Bean
@ConfigurationProperties("security.oauth2")
ClientResourcesConfig github() {
    return new ClientResourcesConfig();
}

private Filter ssoFilter() {
    CompositeFilter filter = new CompositeFilter();
    List<Filter> filters = new ArrayList<>();
    filters.add(ssoFilter(this.github(), "/login/github"));
    filter.setFilters(filters);
    return filter;
}

private Filter ssoFilter(ClientResourcesConfig client, String path) {
    OAuth2ClientAuthenticationProcessingFilter githubFilter = new OAuth2ClientAuthenticationProcessingFilter(
            path);
    OAuth2RestTemplate githubTemplate = new OAuth2RestTemplate(client.getClient(),
            oauth2ClientContext);
    githubFilter.setRestTemplate(githubTemplate);
    githubFilter.setTokenServices(new UserInfoTokenServices(
            client.getResource().getUserInfoUri(), client.getClient().getClientId()));
    return githubFilter;
}
}

I got this working by injecting the default ApplicationEventPublisher into your security config bean. Then setting this as the application event publisher on the processingfilter:

@Autowired
private ApplicationEventPublisher applicationEventPublisher;    

...        

githubFilter.setApplicationEventPublisher(applicationEventPublisher);

For some reason, the application event publisher on the filter is a NullEventPublisher by default.

Use @Configuration annotation on AuthenticationListener class to register it in your application context.

EDIT

As I could not figure out why event wasn't fired, I present alternative solution for this problem. You have to create class that implements AuthenticationSuccessHanddler and implement its onAuthenticationSuccess method:

@Component(value="customAuthenticationSuccessHandler")
public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler{

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                Authentication authentication) throws IOException, ServletException {
    //implementation
    }
}

Then add it to your configuration like:

@Resource
private CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;

@Override
protected void configure(HttpSecurity http) throws Exception {
        ...
        .loginPage("/login").and()
        .successHandler(getCustomAuthenticationSuccessHandler())
        .permitAll()
        ...
}

public CustomAuthenticationSuccessHandler getCustomAuthenticationSuccessHandler() {
    return customAuthenticationSuccessHandler;
}

It's not exactly what you wanted, but should solve your problem.

Instead of an InteractiveAuthenticationSuccessEvent, listening for an AuthenticationSuccessEvent did the trick for me. However, the listener is called twice: first one's event's Authentication is an UsernamePasswordAuthenticationToken, while the second one is an OAuth2Authentication