Clever Geek Handbook

Multiple login forms spring.

I am new to spring and in my project I need to add two login forms for admins and users via spring. Up to this point, I was able to successfully create one login page. Here is my spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- enable use-expressions -->
    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/welcome*" access="isAnonymous()"/>
        <intercept-url pattern="/signup*" access="isAnonymous()"/>
        <!--<intercept-url pattern="/login*" access="isAnonymous()" />-->
        <intercept-url pattern="/selection" access="isAuthenticated()"/>
        <intercept-url pattern="/dashboard" access="isAuthenticated()"/>

        <!-- access denied page -->
        <access-denied-handler error-page="/403" />
        <form-login
                login-page="/login"
                default-target-url="/selection"
                authentication-failure-url="/login?error"
                username-parameter="username"
                password-parameter="password" />
        <logout logout-success-url="/login?logout"  />
        <!-- enable csrf protection -->
        <csrf/>
    </http>

    <!-- Select users and user_roles from database -->
    <authentication-manager>
        <authentication-provider user-service-ref="myUserDetailsService" >
            <password-encoder hash="plaintext" />
        </authentication-provider>
    </authentication-manager>


    <beans:bean id="myUserDetailsService" class="com.cse.cloud4s.service.MyUserDetailsService"/>
</beans:beans>

web.xml

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring-security.xml,
        /WEB-INF/spring-database.xml
    </param-value>
</context-param>


<!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

How can I change the code to use multiple login pages?

+3


source to share


2 answers


You can have as many login pages as you want, but only one default login page is the one for which spring protection is redirected if the user is not authenticated. It would be hard to guess before authenticating anyway if the user wants to login as admin.

The only rule of thumb is that all login pages must send the same fields to the same URL and that this URL is handled by spring.



My only question is why do you need multiple login pages? Spring's way of securing is to have privileges attached to the login, not how you log in.

+5


source


As of Spring Security 3.1, you can now use multiple http elements to define separate security filter chain configurations for different request patterns. If the pattern attribute is omitted from the http element, it matches all requests. Creating an unprotected template is a simple example of this syntax, where the template is mapped to an empty filter chain.



See this Spring Security Documentation for details

+2


source






More articles:


All Articles