UserService to return UserDetails object on authentication and implementation of AuthenticationSuccessHandler and AuthenticationFailureHandler

CustomAuthenticationFailureHandler.java

@Component("customAuthenticationFailureHandler")
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

	private String DEFAULT_FAILURE_URL = "/login?error";

	@Autowired
	private UserService userService;

	@Override
	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
			AuthenticationException exception) throws IOException, ServletException {

		setDefaultFailureUrl(DEFAULT_FAILURE_URL);
		super.onAuthenticationFailure(request, response, exception);

		if (exception instanceof BadCredentialsException) {
			lockUser(request.getParameter("username"));
		}

	}

	private void lockUser(String username) {
		Users user = userService.getUser(username);

		if (user != null) {
			int failedCount = user.getFailedLogins() + 1;
			user.setFailedLogins(failedCount);

			if (failedCount > 4) {
				user.setLocked(true);
			}

			userService.saveUser(user);
		}
	}

}

CustomAuthenticationSuccessHandler.java

@Component("customAuthenticationSuccessHandler")
public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

	@Autowired
	UserService userService;

	@Override
	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
			Authentication authentication) throws IOException, ServletException {

		User loginUser = (User) authentication.getPrincipal();

		Users user = userService.getUser(loginUser.getUsername());
		user.setFailedLogins(0);
		user.setLastLoginDate(new Date());
		userService.saveUser(user);

		response.sendRedirect("home");
	}

}

UserServiceImpl.java

package com.bytestree.service;

import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import com.bytestree.dao.UserDao;
import com.bytestree.model.Roles;
import com.bytestree.model.Users;

/**
 * @author bytestree
 *
 */

@Service("userService")
@Transactional(readOnly = true)
public class UserServiceImpl implements UserService, UserDetailsService {

	
	@Autowired
	UserDao userDao;

	/**
	 * Method to return UserDetails after successful login
	 * 
	 * @param username
	 * @return UserDetails object
	 */
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
		Users user = userDao.findById(username);

		if (user == null) {
			throw new UsernameNotFoundException("Invalid username or password");
		}
		return new org.springframework.security.core.userdetails.User(username, user.getPassword(), user.getEnabled(),
				true, true, !user.getLocked(), getAuthorities(user));
	}

	private List<GrantedAuthority> getAuthorities(Users user) {
		List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

		for (Roles role : user.getRoleses()) {
			authorities.add(new SimpleGrantedAuthority(role.getName()));
		}
		return authorities;
	}

	@Transactional(readOnly = false)
	@Override
	public void saveLastLoginDate(String username) {
		Users user = userDao.findById(username);
		user.setLastLoginDate(new Date());
		userDao.save(user);
	}

	@Override
	public Users getUser(String username) {
		return userDao.findById(username);
	}

	@Transactional(readOnly = false)
	@Override
	public void saveUser(Users user) {
		userDao.save(user);
	}

}

Refer Spring Security 4 with Hibernate for complete example.

Very Good example. Helped me out a lot.