Reputation: 31
multiple authentication manager in spring security
I'm new at spring security. I want to have two different login forms for two different type of users. I have a package called /admin which is contained my main project for system users and /portal for other users./portal users will work on their tenant and won't know anything about /admin and vice versa.Each user group has its own database too. In spring-security.xml I defined two authentication managers,but when I login from both login forms it goes to 'AuthenticatingManager' but as I mentioned in xml file, for /portal users it should goes to PortalAuthenticatingManager. what shall I do? or what did I miss?
<security:http use-expressions="true" pattern="/portal/**" authentication-manager-ref="portalAuthMgr" access-denied-page="/unauthorized.jsp">
<form-login login-page="/plLogin.jsp" default-target-url="/portal/portal" />
<security:intercept-url pattern="/plLogin.jsp" access="permitAll"/>
<security:intercept-url pattern="/portal/**" access="hasRole('ROLE_PORTAL')" />
</security:http>
<security:http authentication-manager-ref="adminAuthMgr" access-denied-page="/unauthorized.jsp">
<intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
<security:form-login login-page="/login.jsp" authentication-failure-handler-ref="authenticationFailureHandler"/>
</security:http>
<security:authentication-manager id="adminAuthMgr">
<security:authentication-provider ref="produxAuthenticationProvider"/>
</security:authentication-manager>
<security:authentication-manager alias="portalAuthMgr">
<security:authentication-provider ref="portalAuthenticationProvider"/>
</security:authentication-manager>
<beans:bean id="produxAuthenticationProvider" class="com.spring.AuthenticatingManager">
</beans:bean>
<beans:bean id="portalAuthenticationProvider" class="com.spring.PortalAuthenticatingManager">
</beans:bean>
Upvotes: 0
Views: 2233
Answers (1)
Reputation: 22762
Your "portal" login form needs to post to a URL beginning with /portal/**, otherwise the login request will be handled by the second filter chain. It should work if you use/portal/j_spring_security_check
Note that you can also use the login-processing-url attribute on form-login element to control which URL the filter responds to. Using different URLs for each would avoid the issue where one accidentally processes a request meant for the other.
Upvotes: 1
Related Questions
- Spring security Expose Multiple Authentication Managers without WebSecurityConfigurerAdapter
- How to provide multiple Authentication providers with java configuration of spring security
- Java Spring Security config - multiple authentication providers
- Multiple Authentication Providers in Spring Security
- How to provide multiple ways of authentication with Spring Security
- Multiple custom authentication with spring security
- spring-security java config: How to configure Multiple AuthenticationManager instances
- Multiple login forms, different authentication managers - latest spring security
- Spring Security 3.1.0.RC1: With multiple <http.../> elements why can I only register one authentication manager?
- Spring Security - multiple authentication-providers