Announcement Announcement Module
Collapse
No announcement yet.
Double authentication method Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Double authentication method

    I have a web application, I want some URLs were authenticated with basic authentication and other authentiction with the form, I can do? how?

    Thanks.

    Sergio

  • #2
    I tried to do

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schem...-beans-2.5.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-2.0.xsd">

    <security:global-method-security secured-annotations="enabled" />

    <security:authentication-manager alias="idAuthenticationManager"/>

    <security:http auto-config="false" >
    <security:intercept-url pattern="/Login*" filters="none"/>
    <security:intercept-url pattern="/images/**" filters="none" />
    <security:intercept-url pattern="/js/**" filters="none" />
    <security:intercept-url pattern="/theme/**" filters="none" />
    <security:intercept-url pattern="/Index.jsp" filters="none" />
    <security:intercept-url pattern="/spring_security_login*" filters="none"/>

    <security:intercept-url pattern="/**" access="ROLE_AUTHENTICATED" />

    <security:http-basic/>
    <security:form-login login-page="/Login.jsp" always-use-default-target="false" default-target-url="/Main.uri?RELOAD_USER=1" authentication-failure-url="/Login.jsp?LOGIN_KO=1"/>
    <security:logout logout-url="/Logout.uri" logout-success-url="/Index.jsp" />
    </security:http>

    <security:authentication-provider>
    <securityassword-encoder hash="md5" />
    <security:jdbc-user-service data-source-ref="springDataSource"/>
    </security:authentication-provider>

    <bean id="basicExceptionTranslationFilter"
    class="org.springframework.security.ui.ExceptionTr anslationFilter">
    <property name="authenticationEntryPoint" ref="_basicAuthenticationEntryPoint"/>
    <property name="accessDeniedHandler">
    <bean class="org.springframework.security.ui.AccessDenie dHandlerImpl"/>
    </property>
    </bean>


    <bean id="httpSessionContextIntegrationFilterWithASCFals e"
    class="org.springframework.security.context.HttpSe ssionContextIntegrationFilter">
    <property name="allowSessionCreation" value="true"/>
    </bean>

    <bean id="customSecurityFilterChain" class="org.springframework.security.util.FilterCha inProxy">
    <security:filter-chain-map path-type="ant">
    <security:filter-chain pattern="/webdav/**"
    filters="httpSessionContextIntegrationFilterWithAS CFalse,_basicAuthenticationFilter,
    basicExceptionTranslationFilter,_filterSecurityInt erceptor"/>
    <security:filter-chain pattern="/**"
    filters="_httpSessionContextIntegrationFilter,
    _securityContextHolderAwareRequestFilter,
    _exceptionTranslationFilter,
    _filterSecurityInterceptor,
    _logoutFilter,
    _formLoginFilter" />
    </security:filter-chain-map>
    </bean>
    </beans>

    but as the basic authentication works on that form remains firm and the browser seems to keep doing the redirects.

    Any idea?

    Thanks

    Sergio

    Comment

    Working...
    X