
Spring-Security with two authentication managers

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">



    <http security="none" pattern="/resources/**"/>
    <http use-expressions="true" auto-config="true" pattern="/rest/sales/**" authentication-manager-ref="salesAuth" disable-url-rewriting="true">
          <intercept-url pattern="/rest/sales/**" access="hasRole('ROLE_SALESMANAGER')"/>
         <form-login login-page="/rest/checkSales/salesLogin" 
            default-target-url="/rest/sales/getSalesManagerHome" 
            authentication-failure-url="/rest/checkSales/adminLogin?error" 
            username-parameter="emailId"
            password-parameter="password" 
            login-processing-url="/auth/ogin_check" 
            always-use-default-target="true" 
            />
        <logout invalidate-session="true" logout-success-url="/rest/check/adminlogout" delete-cookies="JSESSIONID" />
        <csrf />
    </http>

    <!-- enable use-expressions -->
     <http auto-config="true" use-expressions="true" >
        <headers>
            <cache-control />
        </headers>
        <intercept-url pattern="/rest/admin/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/rest/sales/**" access="hasRole('ROLE_SALESMANAGER')" />
        <form-login login-page="/rest/check/adminLogin" 
            default-target-url="/rest/admin/adminDashBoard" 
            authentication-failure-url="/rest/check/adminLogin?error" 
            username-parameter="emailId"
            password-parameter="password" 
            login-processing-url="/auth/login_check" 
            always-use-default-target="true" 
            />
        <logout invalidate-session="true" logout-success-url="/rest/check/adminlogout" delete-cookies="JSESSIONID" />
        <csrf />
    </http> 

    <!-- Select users and user_roles from database -->
    <authentication-manager erase-credentials="true">
        <authentication-provider >
            <password-encoder ref="encoder" />
            <jdbc-user-service  data-source-ref="dataSource"
                users-by-username-query="select email_id,password, organization_staff_id  from organization_staff where email_id=?"
                authorities-by-username-query="select email_id, staff_type from organization_staff where email_id=?" />
        </authentication-provider>
    </authentication-manager>

    <authentication-manager erase-credentials="true"  alias="salesAuth">
        <authentication-provider >
            <password-encoder ref="encoder" />
            <jdbc-user-service  data-source-ref="dataSource"
                users-by-username-query="select email_id,password, organization_staff_id  from organization_staff where email_id=?"
                authorities-by-username-query="select email_id, staff_type from organization_staff where email_id=?" />
        </authentication-provider>
    </authentication-manager>
    <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
        <beans:constructor-arg name="strength" value="10" />
    </beans:bean>
</beans:beans>

The problem is that the second authentication-manager is overriding the other authentication manager, i.e. the second authentication manager always gets executed. Here I am using two custom login pages for two different modules in my project. Or tell me how to apply Spring Security for two custom login pages in one project.

You have to give your <authentication-manager> an id attribute not an alias, otherwise the second declaration overrides the first. And then I think you should remove the authentication-manager-ref attribute.

This has been asked on the old Spring forum and answered by Luke Taylor (anyone who has read the Spring Security source code will have seen his name a lot) here
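
The id-instead-of-alias suggestion applied to the question's configuration, as an added sketch that is not part of the original question or answer. It keeps authentication-manager-ref on the sales block and assumes a login-processing-url of /rest/sales/login_check (a hypothetical URL) so that the sales login POST falls inside that block's pattern; the dataSource bean is defined elsewhere, as in the question.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <!-- Sales chain: only requests matching /rest/sales/** reach its filters,
         so the login POST URL (assumed) is placed under the same pattern. -->
    <http pattern="/rest/sales/**" authentication-manager-ref="salesAuth">
        <intercept-url pattern="/rest/sales/**" access="hasRole('ROLE_SALESMANAGER')"/>
        <form-login login-page="/rest/checkSales/salesLogin"
            login-processing-url="/rest/sales/login_check"
            default-target-url="/rest/sales/getSalesManagerHome"
            username-parameter="emailId" password-parameter="password"/>
        <csrf/>
    </http>

    <!-- Catch-all chain: no authentication-manager-ref, so it uses the
         default (unnamed) authentication manager declared below. -->
    <http>
        <intercept-url pattern="/rest/admin/**" access="hasRole('ROLE_ADMIN')"/>
        <form-login login-page="/rest/check/adminLogin"
            login-processing-url="/auth/login_check"
            default-target-url="/rest/admin/adminDashBoard"
            username-parameter="emailId" password-parameter="password"/>
        <csrf/>
    </http>

    <!-- Default manager: registered under the framework's global bean name. -->
    <authentication-manager erase-credentials="true">
        <authentication-provider>
            <password-encoder ref="encoder"/>
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="select email_id,password, organization_staff_id  from organization_staff where email_id=?"
                authorities-by-username-query="select email_id, staff_type from organization_staff where email_id=?"/>
        </authentication-provider>
    </authentication-manager>
    <!-- id (not alias) registers a separate bean, so it does not replace the default. -->
    <authentication-manager id="salesAuth" erase-credentials="true">
        <authentication-provider>
            <password-encoder ref="encoder"/>
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="select email_id,password, organization_staff_id  from organization_staff where email_id=?"
                authorities-by-username-query="select email_id, staff_type from organization_staff where email_id=?"/>
        </authentication-provider>
    </authentication-manager>
    <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
        <beans:constructor-arg name="strength" value="10"/>
    </beans:bean>
</beans:beans>
```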
