Spring Security Behind Tomcat Security

Printable View

Feb 28th, 2011, 08:23 PM
TimothyOrme

Spring Security Behind Tomcat Security

Hi All,

I'm trying to setup a website for a "beta" test and want to have an initial authentication to get to the site, at which point the users can access the beta site, but will have to login/register to use the locked parts of the site.

Initially, I tried doing this by adding basic security to tomcat or apache, but in both cases, it seemed to defer to the spring security level (the login box says something like "Spring Application Authentication").

So my question is, is there any way to do this? It doesn't necessary have to be using the web containers, it could use spring directly as well.

Thanks!
Tim
Feb 28th, 2011, 10:24 PM
Rob Winch

The simplest way of doing this would be to have different access levels. Making it as simple as possible (and as closely related to the documentation you will find) you could create a ROLE_BETA and ROLE_REGISTERED. You would that have two different AuthenticationProviders (one that authenticates with only the ROLE_BETA and one that provides the ROLE_REGISTERED). If a ROLE_BETA user accesses a ROLE_REGISTERED url they would be sent to the access denied page (which you could configure to be a page that tells them they need to register or login).

HTH,

All times are GMT -5. The time now is 12:16 AM.

Powered by vBulletin® Version 4.2.1
Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.