It is possible to create more than one entry point in Spring Security by assigning different roles to different sections of the application. Here is the configuration in springsecurity-context.xml.
springsecurity-context.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!--
  Spring Security context: two URL sections, each restricted to one authority,
  plus a form-login filter that hands the post-login redirect decision to
  CustomTargetUrlResolver.
-->
<!--
  auto-config is off, so the login filter is not registered automatically; the
  formLoginFilter bean below supplies it. The accessDecisionManager and
  formLoginAuthenticationEntryPoint beans are referenced here but are not
  defined in this listing.
-->
<http access-decision-manager-ref="accessDecisionManager" auto-config="false" entry-point-ref="formLoginAuthenticationEntryPoint">
<!--
  Only these two path prefixes are restricted. No catch-all pattern is declared,
  so every other path is left without an access rule by this file, including
  /authenticated/index.html, which CustomTargetUrlResolver uses as its fallback
  target. A final catch-all intercept-url that requires authentication would
  close that gap.
  NOTE(review): the default RoleVoter only votes on attributes that start with
  ROLE_, so "roles.first" and "roles.second" depend on the accessDecisionManager
  bean (not shown) being set up to recognise them. Verify that it is.
-->
<intercept-url pattern="/section1/**" access="roles.first" />
<intercept-url pattern="/section2/**" access="roles.second" />
<!-- A request to /secure_logout logs the user out and then redirects to /index.htm. -->
<logout logout-success-url="/index.htm" logout-url="/secure_logout"/>
</http>
<!-- Landing pages per section; the values are injected through the bean's setters. -->
<beans:bean id="customTargetUrlResolver" class="mypackage.security.CustomTargetUrlResolver">
<beans:property name="sectionTwoDefaultUrl" value="/section2/index.htm"/>
<beans:property name="sectionOneDefaultUrl" value="/section1/index.htm"/>
</beans:bean>
<!--
  Form-login filter: processes submissions to /secure_login, sends failed
  attempts to /login.htm?error=1 and asks customTargetUrlResolver where to
  redirect after a successful login. The authenticationManager bean is not
  defined in this listing.
  NOTE(review): org.springframework.security.ui.webapp.AuthenticationProcessingFilter
  and a custom-filter element nested inside the bean are Spring Security 2.0.x
  constructs, while the schema declared above is spring-security-3.2.xsd.
  Confirm which version is targeted; the two styles do not mix.
-->
<beans:bean id="formLoginFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter" >
<custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
<beans:property name="authenticationFailureUrl" value="/login.htm?error=1" />
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="filterProcessesUrl" value="/secure_login"/>
<beans:property name="allowSessionCreation" value="true" />
<beans:property name="targetUrlResolver" ref="customTargetUrlResolver"/>
</beans:bean>
</beans:beans>
Next, define the targetUrlResolver:
CustomTargetUrlResolver.java
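/**
 * Chooses the page a user lands on after a successful login, based on the
 * authorities granted to that user.
 *
 * <p>The two section URLs are injected through the setters (see the
 * {@code customTargetUrlResolver} bean definition). The saved request is never
 * consulted, so the redirect target is always one of the configured URLs or the
 * fixed fallback and cannot be influenced by request data.
 */
public class CustomTargetUrlResolver implements TargetUrlResolver {

    /** Authority name that maps to the section-one landing page. */
    private static final String SECTION_ONE_AUTHORITY = "roles.first";

    /** Authority name that maps to the section-two landing page. */
    private static final String SECTION_TWO_AUTHORITY = "roles.second";

    /** Target used when the user is authenticated but holds neither authority. */
    private static final String FALLBACK_URL = "/authenticated/index.html";

    private String sectionOneDefaultUrl;
    private String sectionTwoDefaultUrl;

    /** @return the landing page for users holding {@code roles.second} */
    public String getSectionTwoDefaultUrl() {
        return sectionTwoDefaultUrl;
    }

    /** @param sectionTwoDefaultUrl landing page for users holding {@code roles.second} */
    public void setSectionTwoDefaultUrl(String sectionTwoDefaultUrl) {
        this.sectionTwoDefaultUrl = sectionTwoDefaultUrl;
    }

    /** @return the landing page for users holding {@code roles.first} */
    public String getSectionOneDefaultUrl() {
        // Fixed: this getter used to return sectionTwoDefaultUrl, which sent
        // roles.first users to the section-two page, where the access rule for
        // /section2/** would then apply to them.
        return sectionOneDefaultUrl;
    }

    /** @param sectionOneDefaultUrl landing page for users holding {@code roles.first} */
    public void setSectionOneDefaultUrl(String sectionOneDefaultUrl) {
        this.sectionOneDefaultUrl = sectionOneDefaultUrl;
    }

    /**
     * Returns the landing page for the first granted authority that matches one
     * of the two known role names.
     *
     * <p>Authorities are examined in the order the {@code Authentication}
     * supplies them, so for a user who holds both roles the result depends on
     * that order.
     *
     * @param savedRequest the request saved before login; not used
     * @param currentRequest the login request; not used
     * @param auth the authenticated principal whose authorities are inspected
     * @return the section URL for the first matching authority, or
     *     {@code /authenticated/index.html} when none matches
     */
    @Override
    public String determineTargetUrl(SavedRequest savedRequest, HttpServletRequest currentRequest,
            Authentication auth) {
        for (GrantedAuthority authority : auth.getAuthorities()) {
            // getAuthority() is the documented way to read the role name;
            // toString() is implementation-specific. Constant-first equals
            // also tolerates an authority that reports null.
            String granted = authority.getAuthority();
            if (SECTION_TWO_AUTHORITY.equals(granted)) {
                return getSectionTwoDefaultUrl();
            }
            if (SECTION_ONE_AUTHORITY.equals(granted)) {
                return getSectionOneDefaultUrl();
            }
        }
        // Authenticated, but with neither role.
        // NOTE(review): the accompanying springsecurity-context.xml only restricts
        // /section1/** and /section2/**; confirm this fallback path is covered by
        // an access rule.
        return FALLBACK_URL;
    }
}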