Hi Guys
I'm working with SpringSecurity and trying to create multiple login page.
My first login page(for concierge user, /service/loginConcierge.htm) is working properly,
but can't transit to concierge's top page (concierge-flow).
However my second login page(owner user , /service/owner.htm) always transit to manage-flow, by non authentication.
Sorry.. hope you'll help.
Below's a my security config file:
PHP Code:
<security:global-method-security secured-annotations="enabled">
<security:protect-pointcut access="ROLE_EDIT" expression="execution(* jp.co.kkc.tabinavi.service.*.*Service.execUpdate*(..))"/>
<security:protect-pointcut access="ROLE_EDIT" expression="execution(* jp.co.kkc.tabinavi.service.*.*Service.execDelete*(..))"/>
</security:global-method-security>
<bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain filters="none" pattern="/resources/**"/>
<security:filter-chain filters="none" pattern="/js/**"/>
<security:filter-chain filters="none" pattern="/css/**"/>
<security:filter-chain filters="none" pattern="/images/**"/>
<security:filter-chain filters="none" pattern="/service/owner.htm*"/>
<security:filter-chain filters="none" pattern="/service/loginConcierge.htm*"/>
<security:filter-chain filters="none" pattern="/service/errors/**"/>
<security:filter-chain pattern="/service/owner/**"
filters="ownerLogoutFilter,ownerAuthenticationProcessingFilter,
ownerSessionExpirationFilter, ownerExceptionTranslationFilter"/>
<security:filter-chain pattern="/service/concierge/**"
filters="conciergeLogoutFilter,conciergeAuthenticationProcessingFilter,
conciergeSessionExpirationFilter, conciergeExceptionTranslationFilter"/>
</security:filter-chain-map>
</bean>
<bean id="ownerLogoutFilter" class="org.springframework.security.ui.logout.LogoutFilter" >
<security:custom-filter position="LOGOUT_FILTER" />
<property name="filterProcessesUrl" value="/service/owner/authentication/logout"></property>
<constructor-arg value="/service/owner.htm?loggedout=true"/>
<constructor-arg>
<list>
<ref local="writeLogoutLog" />
<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>
<bean id="conciergeLogoutFilter" class="org.springframework.security.ui.logout.LogoutFilter" >
<security:custom-filter position="LOGOUT_FILTER" />
<property name="filterProcessesUrl" value="/service/concierge/authentication/logout"></property>
<constructor-arg value="/service/loginConcierge.htm?loggedout=true"/>
<constructor-arg>
<list>
<ref local="writeLogoutLog" />
<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>
<bean id="ownerSessionExpirationFilter" class="jp.co.kkc.tabinavi.web.util.SessionExpirationFilter">
<security:custom-filter position="FIRST" />
<property name="invalidSessionUrl" value="/service/loginConcierge.htm?sessionTimeout=true" ></property>
</bean>
<bean id="conciergeSessionExpirationFilter" class="jp.co.kkc.tabinavi.web.util.SessionExpirationFilter">
<security:custom-filter position="FIRST" />
<property name="invalidSessionUrl" value="/service/loginConcierge.htm?sessionTimeout=true" ></property>
</bean>
<security:authentication-provider user-service-ref="customUserDetailsService">
</security:authentication-provider>
<security:authentication-provider user-service-ref="conciergeUserDetailsService">
</security:authentication-provider>
<bean id="customUserDetailsService" class="jp.co.kkc.tabinavi.service.authentication.impl.CustomUserDetailsServiceImpl" >
<property name="authenticationBl" ref="authenticationBl"></property>
<property name="rolePrefix" value="ROLE_" />
<property name="messageSource" ref="messageSource"></property>
</bean>
<bean id="conciergeUserDetailsService" class="jp.co.kkc.tabinavi.service.authentication.impl.ConciergeUserDetailsServiceImpl" >
<property name="authenticationBl" ref="authenticationBl"></property>
<property name="rolePrefix" value="ROLE_" />
<property name="messageSource" ref="messageSource"></property>
</bean>
<bean id="ownerAuthenticationProcessingFilter"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
<security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
<property name="filterProcessesUrl" value="/service/owner/authentication/j_acegi_security_check"></property>
<property name="defaultTargetUrl" value="/service/owner/manage-flow" />
<property name="authenticationManager" ref="ownerAuthenticationManager" />
<property name="authenticationFailureUrl" value="/service/owner.htm?authfailed=true" />
</bean>
<bean id="conciergeAuthenticationProcessingFilter"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
<security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
<property name="filterProcessesUrl" value="/service/concierge/authentication/j_acegi_security_check"></property>
<property name="defaultTargetUrl" value="/service/concierge/concierge-flow" />
<property name="authenticationManager" ref="conciergeAuthenticationManager" />
<property name="authenticationFailureUrl" value="/service/loginConcierge.htm?authfailed=true" />
</bean>
<bean id="ownerExceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/service/owner.htm" />
<property name="forceHttps" value="false" />
</bean>
</property>
</bean>
<bean id="conciergeExceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/service/loginConcierge.htm"/>
<property name="forceHttps" value="false" />
</bean>
</property>
</bean>
<bean id="ownerAuthenticationManager"
class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="customDaoAuthenticationProvider" />
</list>
</property>
<property name="sessionController" ref="defaultConcurrentSessionController" />
</bean>
<bean id="conciergeAuthenticationManager"
class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="conciergeDaoAuthenticationProvider" />
</list>
</property>
<property name="sessionController" ref="defaultConcurrentSessionController" />
</bean>
<bean id="sessionRegistry"
class="org.springframework.security.concurrent.SessionRegistryImpl" />
<bean id="defaultConcurrentSessionController"
class="org.springframework.security.concurrent.ConcurrentSessionControllerImpl">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="exceptionIfMaximumExceeded" value="false" />
</bean>
<bean id="customDaoAuthenticationProvider"
class="jp.co.kkc.tabinavi.bl.authentication.CustomDaoAuthenticationProvider">
<property name="userDetailsService" ref="customUserDetailsService" />
<property name="hideUserNotFoundExceptions" value="false" />
</bean>
<bean id="conciergeDaoAuthenticationProvider"
class="jp.co.kkc.tabinavi.bl.authentication.CustomDaoAuthenticationProvider">
<property name="userDetailsService" ref="conciergeUserDetailsService" />
<property name="hideUserNotFoundExceptions" value="false" />
</bean>
<bean class="jp.co.kkc.tabinavi.web.util.AuthenticationEventListener">
<property name="messageSource" ref="messageSource"/>
<property name="commonBl" ref="commonBl"/>
<property name="defaultSucceedProcessContents" value="success"/>
<property name="defaultFailedProcessContents" value="failed"/>
</bean>
</beans>
web.xml
PHP Code:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/ * </url-pattern>
</filter-mapping>
<listener>
<listener-class>
org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
Thanks & Regards
Ganaa
Help on spring security 2.0.5 multiple login page
Reply With Quote