java


Spring-Security with two authentication managers


<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http security="none" pattern="/resources/**"/>
<http use-expressions="true" auto-config="true" pattern="/rest/sales/**" authentication-manager-ref="salesAuth" disable-url-rewriting="true">
<intercept-url pattern="/rest/sales/**" access="hasRole('ROLE_SALESMANAGER')"/>
<form-login login-page="/rest/checkSales/salesLogin"
default-target-url="/rest/sales/getSalesManagerHome"
authentication-failure-url="/rest/checkSales/adminLogin?error"
username-parameter="emailId"
password-parameter="password"
login-processing-url="/auth/ogin_check"
always-use-default-target="true"
/>
<logout invalidate-session="true" logout-success-url="/rest/check/adminlogout" delete-cookies="JSESSIONID" />
<csrf />
</http>
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true" >
<headers>
<cache-control />
</headers>
<intercept-url pattern="/rest/admin/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/rest/sales/**" access="hasRole('ROLE_SALESMANAGER')" />
<form-login login-page="/rest/check/adminLogin"
default-target-url="/rest/admin/adminDashBoard"
authentication-failure-url="/rest/check/adminLogin?error"
username-parameter="emailId"
password-parameter="password"
login-processing-url="/auth/login_check"
always-use-default-target="true"
/>
<logout invalidate-session="true" logout-success-url="/rest/check/adminlogout" delete-cookies="JSESSIONID" />
<csrf />
</http>
<!-- Select users and user_roles from database -->
<authentication-manager erase-credentials="true">
<authentication-provider >
<password-encoder ref="encoder" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select email_id,password, organization_staff_id from organization_staff where email_id=?"
authorities-by-username-query="select email_id, staff_type from organization_staff where email_id=?" />
</authentication-provider>
</authentication-manager>
<authentication-manager erase-credentials="true" alias="salesAuth">
<authentication-provider >
<password-encoder ref="encoder" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select email_id,password, organization_staff_id from organization_staff where email_id=?"
authorities-by-username-query="select email_id, staff_type from organization_staff where email_id=?" />
</authentication-provider>
</authentication-manager>
<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="10" />
</beans:bean>
</beans:beans>
The problem is with second authentication-manager is overriding anthor authentication manager, i.e. always second authentication manager get executing. Here I am using two custom login pages for two different modules in my project, or tell me how to apply Spring Security for two custom login pages in one project.
You have to give your <authentication-manager> an id attribute not an alias, otherwise the second declaration overrides the first. And then I think you should remove the authentication-manager-ref attribute.
This has been asked on the old spring forum and answered by Luke Taylor (anyone who read Spring security source code will have seen his name a lot) here

Related Links

Java EE Web Project with Maven : 404 not found no error message
How to do a multivalued comparison in Subquery - JPA Criteria API?
.zip file downloaded as f.txt file - springboot
mvn COMPILATION ERROR : error reading jar error in opening zip file
How to associate data to the elements in a collection without modifying the elements?
Set text column width using Java api
How to access a specific element while using a List of a List of a primitive data type in Java
org.openqa.selenium.ElementNotVisibleException: element not visible (Session info: chrome=55.0.2883.87)
how do I concatenate two lines dynamically using java? [closed]
How to get the current view of the hybrid app to a bitmap
Play 2.4.2 JavaWs giving null
How to add capability to the web-app so that it can be used by multiple users at the same time
LWJGL/OpenGL Java Matrix4f Taking up large amounts of memory
How to get upload progress with Java SDK for Dropbox API v2?
Button link to internet makes app crash
Android - How to eliminate these gradle/proguard warnings?

Categories

HOME
asp.net-core
keycloak
omnet++
fluentd
single-sign-on
mfc
plot
grep
analysis
callback
constraint-programming
paradox
adfs
vifm
imacros
modx-revolution
google-cloud-ml
try-catch
django-simple-history
pc
transformation
lucene.net
introduction
dbext
custom-wordpress-pages
cloudhub
arabic
chromium-embedded
hammerspoon
bootstrap-material-design
elasticsearch-ruby
dbclient
nouislider
lightswitch-2013
y86
catalog
ssjs
unobtrusive-validation
opshub
sfdc
fedex
reportingservices-2005
total-commander
thin
angular-resource
azure-application-gateway
theming
jquery-validate
clean-architecture
jlink
idisposable
nodebb
nsarray
pdfclown
linode
arrow-keys
query-performance
ableton-live
instant
dstu2-fhir
file-writing
impresspages
firebaseui
ios8-today-widget
endeca-workbench
t4mvc
qdialog
mono-embedding
census
jsapi
device-orientation
socketexception
issuu
funcunit
cdc
cos
random-seed
sqlperformance
clipper
gil
multipage
ticoredatasync
work-stealing
deobfuscation
xdomainrequest
krl
mysql-error-1005
radcombobox
blitz++
createwindow
dentrix
mozilla-prism
perfect-hash
kdbg
ti-dsp
anti-piracy
mediarss

Resources

Database Users
RDBMS discuss
Database Dev&Adm
javascript
java
csharp
php
android
javascript
java
csharp
php
python
android
jquery
ruby
ios
html
Mobile App
Mobile App
Mobile App