Oct 14th, 2009, 12:03 PM
Invoking same url from diferent clients that use distinct autentication methods
Hello, I have a problem configuring an specific url from my web application with spring security 2.0.4, to be accessed from different clients with distinct authentication methods.
This "special url" is our reports engine, and it's usually invoked by users previously autenticated in the web-app-1 using LDAPAuthentication, and navigating from a browser.
There is another web application that exposes methods through spring's httpinvoker (web-app-2), and it's cosumed by an eclipse rcp-app that uses Basic Authentication Mechanism for all requests after authenticated in the same LDAP server.
We would like to use this rcp-app to show some reports deployed at web-app-1, but since this request haven't been authenticated in the web-app-1 context, there's a security error.
I tryed to configure the filter chain, but this doesn't solve the issue since it runs secuentally the filters. There's something that can use one or another authentication method? I'll welcome every idea or suggestion.
Oct 19th, 2009, 09:35 AM
First of all, you need some way to differentiate the calls from different clients. The easiest way for this, i think is to add a request parameter like reportUrl?clientType=rcp.
Then you need to configure your FilterChainProxy bean instance with an explicit security:filter-chain-map so that different authentication processing filters can be applied based on intercepted url. For example;
<bean id="filterChainProxy" class="org.springframework.security.util.FilterCha inProxy">
<security:filter-chain pattern="/reportUrl?clientType=rcp" filters="...,basicProcessingFilter,..."/>
<security:filter-chain pattern="/**" filters="...,authenticationProcessingFilter,..."/>
Tags for this Thread