Configuring Spring Security 3.x to have multiple entry points

by

You don’t need to create /j_spring_security_check_for_employee and /j_security_check_for_customer filterProcessingUrl.

The default one will work just fine with radio button field idea.

In the custom login LoginFilter, you need to create different tokens for employee and customer.

Here are the steps:

  1. Use default UsernamePasswordAuthenticationToken for employee login.

  2. Create CustomerAuthenticationToken for customer login. Extend AbstractAuthenticationToken so that its class type is distinct from UsernamePasswordAuthenticationToken.

  3. Define a custom login filter:

    <security:http>
    <security:custom-filter position="FORM_LOGIN_FILTER" ref="customFormLoginFilter" />
</security:http>

  4. In customFormLoginFilter, override attemptAuthentication as follows (pseudo code):

    if (radiobutton_param value employee) {
    UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
    setDetails(whatever);
    return getAuthenticationManager().authenticate(authRequest);
} else if (radiobutton_param value customer) {
    CustomerAuthenticationToken authRequest = new CustomerAuthenticationToken(username, password);
    setDetails(whatever);
    return getAuthenticationManager().authenticate(authRequest);
}

  5. Override supports method in EmployeeCustomAuthenticationProvider to support UsernamePasswordAuthenticationToken.

  6. Override supports method in CustomerCustomAuthenticationProvider to support CustomerAuthenticationToken.

    @Override
public boolean supports(Class<?> authentication) {
    return (CustomerAuthenticationToken.class.isAssignableFrom(authentication));
}

  7. Use both providers in authentication-manager:

    <security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="employeeCustomAuthenticationProvider " />
    <security:authentication-provider ref="customerCustomAuthenticationProvider " />
</security:authentication-manager>

More Related Contents:

  1. Customize authentication failure response in Spring Security using AuthenticationFailureHandler
  2. Filter invoke twice when register as Spring bean
  3. How to get active user’s UserDetails
  4. How to fix role in Spring Security?
  5. How To Inject AuthenticationManager using Java Configuration in a Custom Filter
  6. When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?
  7. How to manage exceptions thrown in filters in Spring?
  8. How to manually set an authenticated user in Spring Security / SpringMVC
  9. Disable Spring Security for OPTIONS Http Method
  10. How to disable ‘X-Frame-Options’ response header in Spring Security?
  11. Multiple WebSecurityConfigurerAdapters: JWT authentication and form login in spring security
  12. Websocket Authentication and Authorization in Spring
  13. HttpSecurity, WebSecurity and AuthenticationManagerBuilder
  14. How to get the current logged in user object from spring security?
  15. Unit testing with Spring Security
  16. Spring security does not allow CSS or JS resources to be loaded
  17. how to display custom error message in jsp for spring security auth exception
  18. spring web, security + web.xml + mvc dispatcher + Bean is created twice
  19. Spring Security 5 : There is no PasswordEncoder mapped for the id “null”
  20. How to apply Spring Security filter only on secured endpoints?
  21. Spring security’s SecurityContextHolder: session or request bound?
  22. Securing Spring Boot API with API key and secret
  23. Spring Security multiple url ruleset not working together
  24. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations
  25. How do I add method based security to a Spring Boot project?
  26. Spring REST security – Secure different URLs differently
  27. What does Cookie CsrfTokenRepository.withHttpOnlyFalse () do and when to use it?
  28. RestTemplate with pem certificate
  29. disabling spring security in spring boot app [duplicate]
  30. Custom Authentication Manager with Spring Security and Java Configuration

Leave a Comment