I've got this webapp that has 2 different entry points:
- login 1 requires account id, username and password
- login 2 requires only username and password
What would I have to do to get this done?
Are all users coming from the same AuthenticationProvider (i.e. backend database)?
This thread might give some ideas on how multiple authentication tokens can be used: http://forum.springframework.org/viewtopic.php?t=284.
This thread might give some ideas on chaining authentication providers (basically you probably want to do that): http://forum.springframework.org/viewtopic.php?t=2729.
I have the same kind of situation.
- two restricted areas and a public area
www.myapp.com
www.myapp.com/users/
www.myapp.com/admin/
- two entry points to the restricted areas and two error pages
www.myapp.com/login.jsp
www.myapp.com/loginerror.jsp
www.myapp.com/login2.jsp
www.myapp.com/loginerror2.jsp
- two database tables where user information is stored
I could find instructions on how to write custom code to authenticate, but I still have problems defining two entry points and error pages.
How can this be achieved?
Is it really necessary to have this level of complexity in your app? Surely it would be easier to have a consolidated login page, and login error page, and a single AuthenticationEntryPoint. A delegating/custom AuthenticationDao or AuthenticationManager can be used to successively poll different backends until the user is located. Is the use of two login pages a symptom of having two different databases - does it really need to be preserved?
Using two different databases is a customer requirement.
Is it possible to forward the client based on the role? If I use a single login page www.myapp.com/login.jsp, can I do something like:
* if role == admin -> www.myapp.com/admin/
* if role == user -> www.myapp.com/user/
???
So does that mean if there are different logins it should be different webapps altogether?
Yes, this is possible. For example you can read the session variable defined by ACEGI_SECURITY_AUTHENTICATION_KEY to get the role and use it in your controller (depending on the framework you are using) to forward to the desired location.
Originally Posted by igeca
Philipp
You should use the ContextHolder to obtain the current Authentication - never use HttpSession. Indeed the ACEGI_SECURITY_AUTHENTICATION_KEY attribute is removed in version 0.8.0 (coming soon) and replaced with storage of the Context as a whole.
Regarding forwarding, if it's just a case of having a single login page but a different "login success" page, you could use the AbstractProcessingFilter.alwaysUseDefaultTargetUrl to redirect to a standard JSP which then uses the Acegi Security authz taglib to do the redirection based on the role held by the user.
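
Added example, not part of the thread and not Acegi Security code: a plain-Java sketch of the role-based "login success" redirect discussed above, with the landing pages fixed server-side and checked in order of privilege. The class name, the role names `ROLE_ADMIN`/`ROLE_USER` and the fallback path are assumptions; the role collection is assumed to be filled from the current Authentication's granted authorities, as the last post recommends.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

/** Hypothetical helper: maps the roles of an authenticated user to a fixed landing page. */
public class LandingPageResolver {
    // Checked in insertion order, so register the most privileged role first.
    private final Map<String, String> targets = new LinkedHashMap<>();
    private final String fallback;

    public LandingPageResolver(String fallback) {
        this.fallback = requireLocal(fallback);
    }

    public LandingPageResolver map(String role, String path) {
        targets.put(role, requireLocal(path));
        return this;
    }

    // Only application-relative paths are accepted, so a configuration
    // mistake cannot turn the post-login redirect into an off-site one.
    private static String requireLocal(String path) {
        if (path == null || !path.startsWith("/") || path.startsWith("//")) {
            throw new IllegalArgumentException("not an application-relative path: " + path);
        }
        return path;
    }

    /** roles: authority names held by the authenticated user, never values from the request. */
    public String resolve(Collection<String> roles) {
        if (roles != null) {
            for (Map.Entry<String, String> e : targets.entrySet()) {
                if (roles.contains(e.getKey())) {
                    return e.getValue();
                }
            }
        }
        return fallback; // no recognised role: land on the public page
    }

    public static void main(String[] args) {
        // Constructed role names and paths (assumptions for this example).
        LandingPageResolver r = new LandingPageResolver("/")
                .map("ROLE_ADMIN", "/admin/")
                .map("ROLE_USER", "/users/");
        System.out.println(r.resolve(Arrays.asList("ROLE_USER", "ROLE_ADMIN")));
        System.out.println(r.resolve(Collections.singletonList("ROLE_USER")));
        System.out.println(r.resolve(Collections.<String>emptyList()));
    }
}
```

The redirect only chooses the landing page; the `/admin/` and `/users/` URLs still need their own access rules, since a user can request either path directly.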