Announcement Announcement Module
No announcement yet.
Multiple AuthenticationEntryPoint Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Multiple AuthenticationEntryPoint

    I read different threads related to this on forum but unfortunately I did not find what I was looking for so I am posting this.

    Is it possible to specify 2 different AuthenticationEntryPoint in config? I have 2 different entry points into app and each entry point requires different authentication mechanism.

    For ex:

    /oauth/** should be authenticated using OAuth2 hence use OAuthProcessingFilterEntryPoint

    /api/** should be authenticated using CAS hence use CasAuthenticationEntryPoint

    How can this be achieved?


  • #2
    See if this thread helps


    • #3
      Great Thanks! I should have searched a bit more for this. I am an newbie to OAuth2 but Unfortunately it looks like or I inferred so OAuth2 support in Spring is not fully baked in, it assumes that Authorization Server and Resource Server on same Services. There is no config parser which can work out of the box for Resource Server (assuming remote Authorization Server). Or may be I am just failing to understand it.

      Here is what I am trying to achieve -

      1) I have 2 entry points - /partner/* and with Header(Accept:application/json) should go thru OAuth2
      2) All other requests should go thru CAS

      I am trying to add OAuth configuration, CAS config already exists and works as expected

      My Authorization Server and Resource Server (w/protected resource) are 2 separate services and I am using 2 legged authentication. So intention is to just validate authToken agains Authorization Server and get the roles.

      But it looks like AccessDecisionManager is not invoked for /partner/** urls which are OAuth2 request, I see that FilterSecurityInterceptor is invoked. May be this is not the correct way to handle both CAS and OAUTH2 together? or I am just confused wit how it works?

      <sec:http entry-point-ref="casProcessingFilterEntryPoint">
      <sec:intercept-url pattern="/partner/**" access="ROLE_PARTNER" />
      <sec:intercept-url pattern="/public/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
      <sec:intercept-url pattern="/static/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
      <sec:intercept-url pattern="/**/*.ico" access="IS_AUTHENTICATED_ANONYMOUSLY" />
      <sec:intercept-url pattern="/**/*.html" access="ROLE_ADMIN" />
      <sec:logout logout-success-url="${cas.logoutUrl}" />
      <sec:custom-filter after="PRE_AUTH_FILTER" ref="oauth2ExceptionHandlerFilter" />
      <sec:custom-filter before="CAS_FILTER" ref="oAuth2ProtectedResourceFilter" />
      <sec:custom-filter after="CAS_FILTER" ref="casProcessingFilter" />
      <sec:access-denied-handler ref="accessDeniedHandler" />
      Last edited by tide08; Jun 24th, 2011, 05:02 PM.