introduce a custom spring security event to ensure a cleaner code base, that consumes and remove logic for specific events, as well as releasing that security event as a default, expected type of object of the spring security context

Author: rcsoyer

src/main/java/org/acme/authorization_server/application/events/AuthenticationEventHandler.java

@@ -2,11 +2,10 @@
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.acme.authorization_server.domain.dto.command.AppAuthenticationSuccessEvent;
 import org.acme.authorization_server.domain.service.UserAuthenticationEventService;
 import org.springframework.context.event.EventListener;
 import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
-import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
-import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 
@@ -18,16 +17,13 @@ class AuthenticationEventHandler {
     private final UserAuthenticationEventService service;
 
     @EventListener
-    void onSuccess(final AuthenticationSuccessEvent loginSuccessEvent) {
-        final Authentication authentication = loginSuccessEvent.getAuthentication();
-        SecurityContextHolder.getContext().setAuthentication(authentication);
-        log.debug("Account successfully authenticated. And user set to the security context. username={}",
-                  authentication.getName());
+    void onSuccess(final AppAuthenticationSuccessEvent loginSuccessEvent) {
         service.createSuccessEvent(loginSuccessEvent);
     }
 
     @EventListener
     void onFailure(final AbstractAuthenticationFailureEvent loginFailureEvent) {
+        SecurityContextHolder.clearContext();
         service.createFailureEvent(loginFailureEvent);
     }
 }

src/main/java/org/acme/authorization_server/domain/dto/command/AppAuthenticationSuccessEvent.java

@@ -0,0 +1,22 @@
+package org.acme.authorization_server.domain.dto.command;
+
+import java.io.Serial;
+import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
+import org.springframework.security.core.Authentication;
+
+/**
+ * Markup class, extension of {@link AuthenticationSuccessEvent}
+ * for the events exposed explicitly, programmatically, by this application.
+ * <br/> This simple markup has the purpose of being consumed explicitly
+ * as an event by this application event handlers,
+ * and by the Spring Boot context as a default {@link AuthenticationSuccessEvent}.
+ */
+public final class AppAuthenticationSuccessEvent extends AuthenticationSuccessEvent {
+
+    @Serial
+    private static final long serialVersionUID = 3403943457124822906L;
+
+    public AppAuthenticationSuccessEvent(final Authentication authentication) {
+        super(authentication);
+    }
+}

src/main/java/org/acme/authorization_server/domain/service/UserAuthenticationEventService.java

@@ -21,8 +21,9 @@ public class UserAuthenticationEventService {
     private final UserRepository userRepository;
 
     public void createSuccessEvent(final AuthenticationSuccessEvent event) {
-        log.debug("Persisting User Authentication success event published by spring's security context. "
-                    + "AuthenticationSuccessEvent={}", event);
+        log.debug(
+          "Persisting User Authentication success event published by spring's security context. "
+            + "AuthenticationSuccessEvent={}", event);
         final String username = event.getAuthentication().getName();
         userRepository
           .findByUsername(username)