Results 1 to 3 of 3

Thread: A second AuthenticationEntryPoint?

  1. Oct 21st, 2008, 10:00 PM #1
    JCarreon
    JCarreon is offline Junior Member
    Join Date
    Oct 2008
    Posts
    1

    Question A second AuthenticationEntryPoint?

    Here's the setup that I want to properly configure:

    Users enter the website through a basic login page. But if they try to access a page with special restrictions, and their role isn't high enough, they have to go through a different form and enter a PIN code before being allowed to proceed.

    I was browsing through the code and I was thinking of introducing another AuthenticationEntryPoint, and the necessary custom AuthenticationProvider / token to handle the PIN form submission, but I do not know where exactly to plug in these things. Any suggestions? Has anyone ever encountered a similar requirement?

    Thanks in advance. I hope this is possible.
  2. Dec 18th, 2008, 02:29 PM #2
    Developer Dude
    Developer Dude is offline Senior Member
    Join Date
    Oct 2008
    Posts
    136

    Default

    I am kinda guessing here, and this probably isn't the best way to do it depending on your situation, but it is possibly *a* way to do it.

    You could have another servlet with another security setup and a separate login. When the user clicks on the URL that is controlled by that servlet then they have to login there to. Depending on how seamless you want it to be in either your code/app setup and/or for the user this might work. I would think from the user's perspective this might work seamlessly - after all, they are logging in to two different apps right? So they would still remain logged in to the previous app - although they may time out on one or the other app depending on your setup.

    Then there is the RunAsManager ( http://static.springframework.org/sp...AsManager.html ) which might be more elegant and simpler?

    Just some thoughts that might help get you started (maybe in the wrong direction though). I haven't tried this yet, although I will probably have to get around to it in the future.

    Be sure to come back and let us know how you solved your problem.
  3. Dec 18th, 2008, 02:56 PM #3
    Luke Taylor
    Luke Taylor is offline Senior Member Acegi Security System TeamSpring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    Default

    I would follow the model that the AuthenticatedVoter uses. There you can specify that an resource requires full authentication and that remember-me is insufficient, for example. If a user isn't fully authenticated, it throws an InsufficientAuthenticationException which will cause the entry point to be invoked.

    Use a custom entry point and a custom voter (which responds to a specific attribute - e.g. "PIN_REQUIRED"). Then throw a subclass of InsufficientAuthenticationException (say, PinRequiredException) and handle it appropriately in your entry point.

    RunAsManager has a completely different purpose and is not relevant here. It doesn't have anything to do with authenticating the end user.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules