You don’t need to create /j_spring_security_check_for_employee
and /j_security_check_for_customer
filterProcessingUrl
.
The default one will work just fine with radio button field idea.
In the custom login LoginFilter
, you need to create different tokens for employee and customer.
Here are the steps:
-
Use default
UsernamePasswordAuthenticationToken
for employee login. -
Create
CustomerAuthenticationToken
for customer login. ExtendAbstractAuthenticationToken
so that its class type is distinct fromUsernamePasswordAuthenticationToken
. -
Define a custom login filter:
<security:http> <security:custom-filter position="FORM_LOGIN_FILTER" ref="customFormLoginFilter" /> </security:http>
-
In
customFormLoginFilter
, overrideattemptAuthentication
as follows (pseudo code):if (radiobutton_param value employee) { UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password); setDetails(whatever); return getAuthenticationManager().authenticate(authRequest); } else if (radiobutton_param value customer) { CustomerAuthenticationToken authRequest = new CustomerAuthenticationToken(username, password); setDetails(whatever); return getAuthenticationManager().authenticate(authRequest); }
-
Override
supports
method inEmployeeCustomAuthenticationProvider
to supportUsernamePasswordAuthenticationToken
. -
Override
supports
method inCustomerCustomAuthenticationProvider
to supportCustomerAuthenticationToken
.@Override public boolean supports(Class<?> authentication) { return (CustomerAuthenticationToken.class.isAssignableFrom(authentication)); }
-
Use both providers in
authentication-manager
:<security:authentication-manager alias="authenticationManager"> <security:authentication-provider ref="employeeCustomAuthenticationProvider " /> <security:authentication-provider ref="customerCustomAuthenticationProvider " /> </security:authentication-manager>