Multiple login form in spring security

I'm new to Spring, and in my project I need to add two login forms, for both admins and users, through Spring Security. Up to this point I was able to create one login page successfully. Here is my spring-security.xml:

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- enable use-expressions -->
    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/welcome*" access="isAnonymous()"/>
        <intercept-url pattern="/signup*" access="isAnonymous()"/>
        <!--<intercept-url pattern="/login*" access="isAnonymous()" />-->
        <intercept-url pattern="/selection" access="isAuthenticated()"/>
        <intercept-url pattern="/dashboard" access="isAuthenticated()"/>

        <!-- access denied page -->
        <access-denied-handler error-page="/403" />
        <form-login
                login-page="/login"
                default-target-url="/selection"
                authentication-failure-url="/login?error"
                username-parameter="username"
                password-parameter="password" />
        <logout logout-success-url="/login?logout"  />
        <!-- enable csrf protection -->
        <csrf/>
    </http>

    <!-- Select users and user_roles from database -->
    <authentication-manager>
        <authentication-provider user-service-ref="myUserDetailsService" >
            <password-encoder hash="plaintext" />
        </authentication-provider>
    </authentication-manager>


    <beans:bean id="myUserDetailsService" class="com.cse.cloud4s.service.MyUserDetailsService"/>
</beans:beans>

web.xml:

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring-security.xml,
        /WEB-INF/spring-database.xml
    </param-value>
</context-param>


<!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

How can I modify the code to use multiple login pages?

You can have as many login pages as you want, but only one default login page, the one to which Spring Security redirects if the user is not authenticated. Anyway, it would be hard to guess before authentication whether the user wants to log in as admin.

The only rule is that all login pages must submit the same fields to the same URL, and that that URL is processed by Spring Security.

My only question is: why do you need multiple login pages? The Spring Security way is to have privileges attached to the login name, not to the way you log in.

From Spring Security 3.1 it is now possible to use multiple http elements to define separate security filter chain configurations for different request patterns. If the pattern attribute is omitted from an http element, it matches all requests. Creating an unsecured pattern is a simple example of this syntax, where the pattern is mapped to an empty filter chain.

For more details, refer to the Spring Security documentation.
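
The multiple `http` element approach from the answer above, applied to the question's configuration, as an added example that is not part of the original posts. The `/admin/**` pattern, the `/admin/login`, `/admin/dashboard` and `/admin/logout` URLs, and the bcrypt encoder are assumptions.

```xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- Chain 1: admin area (assumed URLs). Chains are tried in declaration order. -->
    <http pattern="/admin/**" use-expressions="true">
        <!-- The login page itself must be reachable, or the redirect loops -->
        <intercept-url pattern="/admin/login*" access="permitAll" />
        <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
        <access-denied-handler error-page="/403" />
        <!-- login-processing-url and logout-url must fall inside this chain's
             pattern; the default /j_spring_security_check would not -->
        <form-login login-page="/admin/login"
                    login-processing-url="/admin/j_spring_security_check"
                    default-target-url="/admin/dashboard"
                    authentication-failure-url="/admin/login?error"
                    username-parameter="username" password-parameter="password" />
        <logout logout-url="/admin/logout" logout-success-url="/admin/login?logout" />
        <csrf/>
    </http>

    <!-- Chain 2: no pattern attribute, so it matches all remaining requests
         and must be declared last -->
    <http use-expressions="true">
        <intercept-url pattern="/welcome*" access="isAnonymous()" />
        <intercept-url pattern="/signup*" access="isAnonymous()" />
        <intercept-url pattern="/selection" access="isAuthenticated()" />
        <intercept-url pattern="/dashboard" access="isAuthenticated()" />
        <access-denied-handler error-page="/403" />
        <form-login login-page="/login"
                    default-target-url="/selection"
                    authentication-failure-url="/login?error"
                    username-parameter="username" password-parameter="password" />
        <logout logout-success-url="/login?logout" />
        <csrf/>
    </http>

    <!-- Shared by both chains: /admin/** is guarded by ROLE_ADMIN, not by the form used -->
    <authentication-manager>
        <authentication-provider user-service-ref="myUserDetailsService">
            <!-- assumption: stored passwords are bcrypt hashes -->
            <password-encoder hash="bcrypt" />
        </authentication-provider>
    </authentication-manager>
    <beans:bean id="myUserDetailsService" class="com.cse.cloud4s.service.MyUserDetailsService"/>
</beans:beans>
```

The admin form must POST to `/admin/j_spring_security_check`. Because `<csrf/>` is enabled, both login forms need the CSRF token and logout must be sent as a POST.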
