Once Spring Security is in play, Spring Boot Actuator has a flexible audit framework that publishes events (by default, “authentication success”, “failure” and “access denied” exceptions).
This feature can be very useful for reporting and for implementing a lock-out policy based on authentication failures.
To customize published security events, you can provide your own implementations of
You can also use the audit services for your own business events.
To do so, either inject the existing
AuditEventRepository into your own components and use that directly or publish an
AuditApplicationEvent with the Spring
ApplicationEventPublisher (by implementing