Junior Member
Multiple Authentication Entry Points
Hi,
I'm replacing my own Security mechanisms with Acegi in an App where currently I have seperate login forms for admin and users.
Can someone suggest the best approach to doing this in Acegi? I understand I could make things work with a single entrypoint for all domains but I'd like to be able to stick with my current setup.
Cheers
Darragh
Senior Member
Spring Team
Are you planning on using net.sf.acegisecurity.webapp.AuthenticationProcessi ngFilter (most people do)?
If so, probably the simplest is to configure two instances of that filter in web.xml, with different AuthenticationProcessingFilter.filterProcessesUrl and AuthenticationProcessingFilter.authenticationFailu reUrl.
Of course, it would be cleaner to have one login form (but I'm sure you've got your reasons)...
Junior Member
I have encountered the same problem: the homepage needed a login form, and when the user wants to access thoese authorized pages, another login form is needed.
After I configure two filters in web.xml and two securityEnforcementFilters and two authenticationProcessingFilterEntryPoints in applicationContext.xml,
it seems that only one filter take effect.
Can someone sugguest a approach to do this in Acegi?
Senior Member
Spring Team
When you say there are two login forms, I assume the user can login to either one of them and avoid needing to login again or separately through the second login form?
I'm not sure why this isn't working. Although if you just want a convenience login box on your home page, why not get it to post to /j_acegi_security_check, being the same post target as your normal login form? You shouldn't need separate login processing filters.
If this doesn't help, please post a debug-level log from AuthenticationProcessingFilter,
Junior Member
Let me explain why I must do in such a way.
Our webapp has a home page, and authorized users have their personal home page. The login form exists in two pages: one for home page, another one for a separated login page.
The original page flow is user can login from both the above pages, and will be redirected to their personal home page. But now the page flow will be changed in such a way: if user login from home page, then he will stay in the home page, but if he login from the seperated login page, then he will be redirected to his personal main page. So, as you can see, one entry point is not enough.
The configuration for applicationContext.xml is like such:
But when I login from either login form, I will be redirected to the same page: /userWelcome.jsp.Code:<bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/loginError.jsp</value></property> <property name="defaultTargetUrl"><value>/mainMenu.html</value></property> <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property> </bean> <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter"> <property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property> <property name="authenticationEntryPoint"><ref bean="authenticationProcessingFilterEntryPoint"/></property> </bean> <bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <property name="loginFormUrl"><value>/login.jsp</value></property> <property name="forceHttps"><value>false</value></property> </bean> <bean id="authenticationProcessingFilter2" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/loginMainError.jsp</value></property> <property name="defaultTargetUrl"><value>/userWelcome.jsp</value></property> <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property> </bean> <bean id="authenticationProcessingFilterEntryPoint2" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <property name="loginFormUrl"><value>/loginMain.jsp</value></property> <property name="forceHttps"><value>false</value></property> </bean> <bean id="securityEnforcementFilter2" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter"> <property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property> <property name="authenticationEntryPoint"><ref bean="authenticationProcessingFilterEntryPoint2"/></property> </bean>
Senior Member
Spring Team
Both filters are defined to process /j_acegi_security_check. You need one to process say /j_acegi_security_check_home_page and one /j_acegi_security_check_personal_page to achieve your goal.
Junior Member
/j_acegi_security_check_home_page and /j_acegi_security_check_personal_page ? Can I define the authorize url in any name?Originally Posted by Ben Alex
Thank you for your reply. I will test this.
Junior Member
I have tested this configuration as you recommended. I changed the /j_acegi_security_check on the home page to /j_acegi_security_check_home, and the other one is /j_acegi_seurity_check. But when I login from the separated login form(not the form in the home page), I got a error that /j_acegi_seurity_check cann't find. And when I enter an authorized page without login, the login form will be the form in the home page.
I was wondering whether the configuration is correct or not. Can you give me some more suggestions?
Senior Member
Spring Team
You said /j_acegi_seurity_check, which might be a typo or might be the problem. Please post the application context, as well as a debug-level log, and I'll be happy to take a look.
Junior Member
Sorry for my typing error. It is "/j_acegi_security_check".
applicationContext.xml :
web.xml:Code:<bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/loginError.jsp</value></property> <property name="defaultTargetUrl"><value>/mainMenu.html</value></property> <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property> </bean> <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter"> <property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property> <property name="authenticationEntryPoint"><ref bean="authenticationProcessingFilterEntryPoint"/></property> </bean> <bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <property name="loginFormUrl"><value>/login.jsp</value></property> <property name="forceHttps"><value>false</value></property> </bean> <bean id="authenticationProcessingFilter2" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/loginMainError.jsp</value></property> <property name="defaultTargetUrl"><value>/userWelcome.jsp</value></property> <property name="filterProcessesUrl"><value>/j_acegi_security_check_home</value></property> </bean> <bean id="authenticationProcessingFilterEntryPoint2" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <property name="loginFormUrl"><value>/loginMain.jsp</value></property> <property name="forceHttps"><value>false</value></property> </bean> <bean id="securityEnforcementFilter2" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter"> <property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property> <property name="authenticationEntryPoint"><ref bean="authenticationProcessingFilterEntryPoint2"/></property> </bean>
[/code]Code:<filter> <filter-name>Acegi Authentication Processing Filter</filter-name> <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class> <init-param> <param-name>targetClass</param-name> <param-value>net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter</param-value> </init-param> </filter> <filter> <filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name> <filter-class>net.sf.acegisecurity.ui.AutoIntegrationFilter</filter-class> </filter> <filter> <filter-name>Acegi HTTP Request Security Filter</filter-name> <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class> <init-param> <param-name>targetClass</param-name> <param-value>net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter</param-value> </init-param> </filter> <filter> <filter-name>Acegi Authentication Processing Filter2</filter-name> <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class> <init-param> <param-name>targetClass</param-name> <param-value>net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter</param-value> </init-param> </filter> <filter> <filter-name>Acegi HTTP Request Security Filter2</filter-name> <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class> <init-param> <param-name>targetClass</param-name> <param-value>net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter</param-value> </init-param> </filter> <!-- filter mappings --> <filter-mapping> <filter-name>Acegi Authentication Processing Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>Acegi Authentication Processing Filter2</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>Acegi HTTP Request Security Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>Acegi HTTP Request Security Filter2</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
Posting Permissions
