Hi, I'm trying to use a single login form and multiple authentication providers with spring 3.1. As you may know since spring 3.1 it's possible to use multiple <http> tags.
These are my Spring Security settings.
Code:
<!-- Turns on the pre/post method-security annotations (@PreAuthorize, @PostAuthorize, @PreFilter, @PostFilter). -->
<global-method-security pre-post-annotations="enabled" />
<!-- security="none" means requests matching the pattern get an empty filter chain: no authentication,
     no authorization checks and no SecurityContext while they are served. -->
<http pattern="/static/**" security="none" />
<!-- The logout landing page is reachable without a session, as a post-logout target has to be. -->
<http pattern="/loggedout.jsp" security="none" />
<!-- Filter chain for /secure/extreme/** only. <http> elements are tried in declaration order and the
     first matching pattern handles the request, so this element has to stay ahead of /secure/**. -->
<!-- NOTE(review): only URLs under /secure/extreme/** ever reach the filters declared here. The form
     submit goes to /j_spring_security_check (the 404 quoted below), which does not match this pattern
     and is handled by the later pattern="/**" security="none" element, where no authentication filter
     runs. The processing URL needs to sit inside this chain's pattern for the custom filter to see it. -->
<http pattern="/secure/extreme/**" use-expressions="true" auto-config="false" authentication-manager-ref="authenticationManagerVIP" entry-point-ref="authenticationEntryPointVIP" >
<!-- Every request in this chain requires the ROLE_VIP authority. -->
<intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_VIP')" />
<!-- Custom login filter placed just before the slot of the standard form-login filter. -->
<custom-filter before="FORM_LOGIN_FILTER" ref="authenticationFilterVIP" />
<!-- NOTE(review): no logout-url is set, so the default /j_spring_security_logout applies; that URL is
     also outside /secure/extreme/**, so a logout request would not reach this chain and the session
     would stay valid. Confirm the logout link actually invalidates the session. -->
<logout logout-success-url="/loggedout.jsp" delete-cookies="JSESSIONID" />
<session-management invalid-session-url="/timeout.jsp">
<!-- One session per user; a second login is rejected rather than expiring the first one. -->
<!-- NOTE(review): concurrency control relies on HttpSessionEventPublisher being registered in web.xml
     (not shown), and with a custom authentication filter the session authentication strategy has to
     be wired into that filter explicitly; no such property is set on authenticationFilterVIP. -->
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>
<anonymous/>
</http>
<!-- Filter chain for the rest of /secure/** (anything under /secure/extreme/** was already claimed by
     the earlier element). Any authenticated user is allowed. -->
<!-- NOTE(review): auto-config="true" is shorthand for form-login, http-basic and logout, so HTTP Basic
     is enabled on this chain as well as the form login; drop auto-config if Basic is not wanted. -->
<http pattern="/secure/**" use-expressions="true" auto-config="true" authentication-manager-ref="authenticationManagerInternal">
<intercept-url pattern="/secure/**" access="isAuthenticated()" />
<!-- NOTE(review): with no attributes, form-login uses the generated login page at /spring_security_login
     and processes submits at /j_spring_security_check. Neither URL matches /secure/**, so both fall
     through to pattern="/**" security="none", which matches the 404 on spring_security_login quoted
     below. The login page and processing URL must be covered by this chain's pattern. -->
<form-login />
<!-- NOTE(review): the default logout URL /j_spring_security_logout is outside /secure/** too; confirm
     that logging out really reaches this chain and invalidates the session. -->
<logout logout-success-url="/loggedout.jsp" delete-cookies="JSESSIONID" />
<session-management invalid-session-url="/timeout.jsp">
<!-- One session per user; needs HttpSessionEventPublisher in web.xml (not shown) to track session end. -->
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>
<anonymous/>
</http>
<!-- Catch-all: every URL not matched by an earlier <http> element is served with no security filters. -->
<!-- NOTE(review): this is what answers /login.jsp, /j_spring_security_check and /spring_security_login.
     With security="none" nothing listens on the two Spring Security URLs, hence the 404s. It also
     means any resource outside /secure/** has no URL-level protection and sees no SecurityContext;
     presumably intended for public pages, but confirm nothing sensitive lives outside /secure/**. -->
<http pattern="/**" security="none" />
<!-- Custom login filter for the VIP chain (project class, source not shown). It authenticates against
     authenticationManagerVIP and delegates the outcome to the success and failure handlers below. -->
<!-- NOTE(review): no filterProcessesUrl is set. If the class extends the standard processing filter
     (presumably; confirm), it listens on the default /j_spring_security_check, which the
     /secure/extreme/** chain never receives. No sessionAuthenticationStrategy is injected either, so
     the chain's max-sessions limit may not be enforced for logins through this filter. -->
<beans:bean id="authenticationFilterVIP" class="security.VIPAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManagerVIP" />
<beans:property name="authenticationSuccessHandler" ref="successHandler" />
<beans:property name="authenticationFailureHandler" ref="failureHandler" />
</beans:bean>
<!-- Entry point of the VIP chain: unauthenticated requests are sent to /login.jsp. That page matches
     only the pattern="/**" security="none" element, so it is rendered outside any security chain. -->
<beans:bean id="authenticationEntryPointVIP" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login.jsp"/>
</beans:bean>
<!-- After a successful login, return to the request that triggered authentication if one was saved,
     otherwise go to /index.jsp. -->
<beans:bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/index.jsp" />
</beans:bean>
<!-- On failure, go back to the login page with a generic error flag. The flag does not say which
     credential was wrong; login.jsp (not shown) should keep its message equally generic. -->
<beans:bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/login.jsp?login_error=true" />
</beans:bean>
<!-- Authentication manager used only by the /secure/extreme/** chain and its custom filter. It has a
     single provider; id and alias carry the same name, so the alias adds nothing. -->
<authentication-manager id="authenticationManagerVIP" alias="authenticationManagerVIP">
<authentication-provider ref="VIPSAuthenticationProvider" />
</authentication-manager>
<!-- Custom provider (project class, source not shown). NOTE(review): how it verifies credentials and
     which authorities it grants cannot be checked from this file; the chain expects ROLE_VIP. -->
<beans:bean id="VIPSAuthenticationProvider" class="security.VIPUserAuthenticationProvider" />
<!-- StandardPasswordEncoder: salted SHA-256 with a random 8-byte salt and 1024 iterations, stored as hex. -->
<!-- NOTE(review): this encoder is treated as legacy in later Spring Security releases; the same crypto
     module ships BCryptPasswordEncoder, an adaptive hash better suited to password storage. -->
<beans:bean id="encoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder" />
<!-- Authentication manager for the /secure/** chain, backed by an in-memory user list. -->
<authentication-manager id="authenticationManagerInternal">
<authentication-provider>
<password-encoder ref="encoder" />
<user-service>
<!-- NOTE(review): the password attribute is a hash in the encoder's format, but it is still credential
     material. A hash kept in a config file or posted publicly can be attacked offline, so treat it
     as exposed outside of demos. The authority names carry no ROLE_ prefix, unlike the ROLE_VIP
     checked on the VIP chain; the /secure/** chain only tests isAuthenticated(), so no URL rule
     shown here evaluates them. -->
<user name="rod"
password="4efe081594ce25ee4efd9f7067f7f678a347bccf2de201f3adf2a3eb544850b465b4e51cdc3fcdde"
authorities="supervisor, user, teller" />
</user-service>
</authentication-provider>
</authentication-manager>
The issue is that when:
- I go to /secure/extreme/ it shows me the correct form, however when I submit I always get a
HTTP Status 404 - /webapp/j_spring_security_check
.
- I go to /secure/ it doesn't show any form (I was expecting the Spring default login form), and I always get a
HTTP Status 404 - /wepabb/spring_security_login
.
Any tips?
Thanks in advance.
H