sec:authorize with url when having two http namespace elements with different pattern
I'm using Spring security 3.1.0-RELEASE and I have a problem using the authorize JSP tag with a url because I have two http elements:
- The first for a particular pattern and associated to a custom authentication provider, entry point and filter.
- The second for the rest (classical login).
They use different type of principals.
Pretty much like this (I simplified it a lot hoping it will only give the relevant information):
I was wondering, how can I use the authorize tag with a Url given the fact that I have two potential WebInvocationPrivilegeEvaluator. In my case, I would like to use the authorize tag with the second one but the tag seems to take the first available one from the context and I cannot put it first because I need the most specific pattern to be first.Code:<http use-expressions="true" pattern="/signage/**"> [...] </http> <http use-expressions="true"> <http-basic /> <form-login /> <logout /> [...] </http>
Extract from AbstractAuthorizeTag:327:338
In case there are many WebInvocationPrivilegeEvaluator, I would have expected a mechanism to select the right one according to the pattern set by the http element but maybe I missed something here.Code:private WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() throws IOException { ApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext()); Map<String, WebInvocationPrivilegeEvaluator> wipes = ctx.getBeansOfType(WebInvocationPrivilegeEvaluator.class); if (wipes.size() == 0) { throw new IOException( "No visible WebInvocationPrivilegeEvaluator instance could be found in the application " + "context. There must be at least one in order to support the use of URL access checks in 'authorize' tags."); } return (WebInvocationPrivilegeEvaluator) wipes.values().toArray()[0]; }
Any suggestion?
Reply With Quote