Announcement Announcement Module
Collapse
No announcement yet.
Login and Register page using Spring Security Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Login and Register page using Spring Security

    Hi,

    I am trying to create a login page with the typical username/password combination with a link to allow users that don't have a user name to register. For the registration page I'm using employee Id and their email (plus reCaptcha) for authentication. I was able to get everything to work by having 2 http elements and 2 different authentication managers. The problem I'm having is how to setup 2 different login-processing-url, for some reason it always forwards to the login page

    security.xml
    Code:
    <http pattern="/images/*" security="none" />
    <http pattern="/js/*" security="none" />
    <http pattern="/styles/*" security="none" />
    <http auto-config="true" use-expressions="true" authentication-manager-ref="registerAuth"
    pattern="/register*">
    <form-login login-processing-url="/register/j_spring_security_check"
      login-page="/register.do" default-target-url="/createUser.do" always-use-default-target="true"
      authentication-failure-url="/register.do?login_error=t"/>
     <!-- 
      <custom-filter ref="captchaCaptureFilter" before="FORM_LOGIN_FILTER"/>
     <custom-filter ref="captchaVerifierFilter" after="FORM_LOGIN_FILTER"/>
     -->
     
      <intercept-url pattern="/register.do" access="permitAll"/>
      <intercept-url pattern="/registerAuth.do" access="permitAll"/>
      <intercept-url pattern="/register/j_spring_security_check" access="permitAll"/>
      <intercept-url pattern="/createUser.do" access="hasAnyRole('NEW_USER')"/> 
      <intercept-url pattern="/**" access="denyAll"/>  
    </http> 
    <http auto-config="true" use-expressions="true" authentication-manager-ref="loginAuth">
    <form-login login-processing-url="/static/j_spring_security_check" 
      login-page="/login.do" default-target-url="/home.do" always-use-default-target="true"
      authentication-failure-url="/login.do?login_error=t"/>
      <logout  logout-success-url="/home.do"/>
      <intercept-url pattern="/login.do" access="permitAll"/>
      <intercept-url pattern="/**" access="hasAnyRole('USER','ADMIN')"/>  
    </http>
    <authentication-manager id="loginAuth">
     <authentication-provider user-service-ref="userService"/>
    </authentication-manager>
    <jdbc-user-service id="userService" data-source-ref="dataSource"
    users-by-username-query=
    "select user_name as username,password,true from dbo.web_user where user_name=?"
    authorities-by-username-query="select user_name as username,role from dbo.user_roles where user_name=?"/>
    
    <authentication-manager id="registerAuth">
     <authentication-provider user-service-ref="registerService"/>
    </authentication-manager>
    <jdbc-user-service id="registerService" data-source-ref="dataSource"
    users-by-username-query=
    "select employee_id as username, email as password, true from dbo.employees where employee_id=?"
    authorities-by-username-query="select employee_id as username,'NEW_USER' as role from dbo.employees where employee_id=?"/>
Working...
X