Can i put 3 different authentication schemes in same spring security configuration ?
Hi, My requirement is to provide:
Userid password based authentication.
Open id based authentication
Url based authentication (its a custom sso impl we have)
in the same project.
I have tried to plug in Spring security into an existing project as (code stripped down for simplicity):
as mentioned above, i need to track a url of the form : /myApp/customLogin/12345 where 1235 is the token key, we were initially using (code stripped down for simplicity)Code:<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd"> <http auto-config="false"> <remember-me user-service-ref="rememberMeUserService" key="some custom key" /> <!-- TODO: Key made for testing reasons.... --> <intercept-url pattern='/mainApplication/Main screen.html' access="ROLE_ADMIN"/> <intercept-url pattern='/**' filters="none"/> <!-- Allow entry to login screen --> <openid-login authentication-failure-url="/Login.html?error=true" default-target-url="/mainApplication/Main screen.html" user-service-ref="openIdUserService"/> <form-login login-page="/Login.html" authentication-failure-url="/Login.html?error=true" always-use-default-target="true" default-target-url="/mainApplication/Main screen.html"/> </http> <beans:bean id="rememberMeUserService" class="mypackage.CustomUserService"> </beans:bean> <!-- Common login shared entry-point for both Form and OpenID based logins --> <beans:bean id="entryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <beans:property name="loginFormUrl" value="/Login.html" /> </beans:bean> <authentication-manager alias="authenticationManager"/> <beans:bean id="MyCustomAuthenticationProvider" class="mypackage.CustomAuthenticationProvider"> <custom-authentication-provider /> </beans:bean> <beans:bean id="openIdAuthenticationProvider" class="org.springframework.security.providers.openid.OpenIDAuthenticationProvider"> <custom-authentication-provider /> <beans:property name="userDetailsService" ref="openIdUserService"/> </beans:bean> <beans:bean id="openIdUserService" class="mypackage.OpenIDUserDetailsService"></beans:bean> <!-- Great, now i want to include SSO based sign on --> <!-- need to intercept a url of the form : /myApp/customLogin/<key> where <key> is my token key --> </beans:beans>
What should i do here to enable spring security to help me manage this third authentication scheme ?Code:<servlet-mapping> <servlet-name>mySSOCapture</servlet-name> <url-pattern>/myApp/*</url-pattern></servlet-mapping><servlet-mapping> <servlet-name>MyServlet</servlet-name> <url-pattern>/MyServlet</url-pattern> </servlet-mapping>
a corollary question is : can i have many authentication providers in the same project ? if yes, then how can they be matched to different functionalities (eg one providing url based authentication, one providing anonomous auth, etc) ?
