Announcement Announcement Module
Collapse
No announcement yet.
More secure authentication for certain roles Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • More secure authentication for certain roles

    Hi,

    I'd like to know if it's possible to configure a more advanced security requirement for certain roles such as admin roles?
    E.g. if a user logs in with an admin role, in stead of just username/password, there's also an ip-number check or certificate check?

    Kind regards,
    Marc

  • #2
    Certainly possible, one option is to use a custom AccessDecisionVoter that check the required role (ConfigAttribute) and then performs additional checks. You would then pass your AccessDecisionVoter into an AccessDecisionManager

    Finally you would wire up your AccessDecisionManager:

    <http access-decision-manager-ref="myAccessDecisionManagerBean">
    ...
    </http>

    I hope this helps, let me know if you need any more pointers

    Comment

    Working...
    X