Can Spring Security support multiple entry points?
I mean need different:
- Login URL
- Login out url
- session time url开发者_JAVA百科
- authentication provider
- error page
- css
for different entry point.
Is this possible?
From 3.1.0 (which is currently beta) it will support multiple <http>
elements in the namespace.
So short answer:
In 3.1.x yes.
In 3.0.5.RELEASE no.
Longer aswer:
Here is additional info, check the links in the comments also.
I had a similar problem once, since I had multiple entry points.
A good way IMO would be to make a new login page which decides which login page to redirect to or even calls the logic of the other entry points. Then you can point spring to the new page.
I'm pretty sure this can be done inside the filter chain, but I wouldn't recommend it since you will need a lot of manual coding and bean definitions. Generally I don't think 3.0.5 was designed for multiple entry points.
With multiple <http../>
elements, you can achieve most of what you want but the authentication manager is going to be common and that means authentication providers are going to be common. See the issue faced by @David Parks in the post Spring Security 3.1.0.RC1: With multiple elements why can I only register one authentication manager?.
You can see my answers to similar questions such as Configuring Spring Security 3.x to have multiple entry points and Authenticate user using external webservice in grails to develop custom code to execute entry point specific authentication providers. This can be implemented in 3.0.5 as well.
You can implement solution in 3.0.5 without multiple <http../>
elements but you will be need to develop custom code to handle logout and error pages.
There is org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
since 3.0.2.
It might help.
精彩评论