ok, so my use case is that i have a webapp, with a website and a restservice for smartclients. I have a "credentialsexpired" process working for the web as per usual.
Now, i am trying to bypass that check for the restservices, but i am confused as to how.
i have two realms, one normal and one for rest:
<http pattern="/rest/**" create-session="stateless" access-decision-manager-ref="accessDecisionManager"
use-expressions="true" realm="nubarest" entry-point-ref="restAuthenticationEntryPoint">
<intercept-url pattern='/**' access="isAuthenticated()"/>
i have the authenticationmanager set up as:
http auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint"
access-decision-manager-ref="accessDecisionManager" use-expressions="true" realm="nuba">
So, what ends up happening, naturally is that the "DefaultPostAuthenticationChecks" method in the AbstractUserDetailsAuthenticationProvider, throws an AuthenticationException when the account creds are expired.
<beans:property name="userDetailsService" ref="userDetailService"/>
<beans:property name="passwordEncoder" ref="passwordManager"/>
..SO, i want to disable that check ONLY for my rest realm... but keep everything else the same between realms. If anybody could nudge me in the right direction, i'd be most happy!
EDIT: to clarify, i *think* i want two authenticationproviders, one for my rest realm, and on for my web realm. I'm just not sure how to make my authenticationmanager to know to pick the right one...