
  • Configuring multiple authentication managers

    I have the following configurations in my spring-security.xml

    They both work independently of each other, but not at the same time.

    I've reviewed this thread and it seems to indicate I can use two authentication-manager tags by separating them by an Id attribute.

    However, I believe my original configuration (which came from an archetype project) overrides the default manager (because it doesn't have an Id), but after I implement my second one, I get an exception when I attempt to use the first:

    org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
    With that in mind, what can I do here so I can use my custom token authentication filter for the /api/** endpoint, while still authenticating the rest of the application with the standard authentication manager, and sharing the user service between them?

    Code:
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:security="http://www.springframework.org/schema/security"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    
    	<security:global-method-security
    		secured-annotations="enabled" />
    
    	<security:http pattern="/" authentication-manager-ref="defaultSecurityManager"
    		auto-config="true" disable-url-rewriting="true" use-expressions="true">
    		<security:logout logout-url="/logout" />
    		<security:intercept-url pattern="/" access="permitAll" />
    		<security:intercept-url pattern="/**"
    			access="isAuthenticated()" />
    	</security:http>
    
    	<security:http pattern="/api/**"
    		authentication-manager-ref="authenticationManager" realm="Protected API"
    		use-expressions="true" auto-config="false" create-session="stateless"
    		entry-point-ref="CustomAuthenticationEntryPoint">
    		<security:custom-filter ref="authenticationTokenProcessingFilter"
    			position="FORM_LOGIN_FILTER" />
    		<security:intercept-url pattern="/api/authenticate"
    			access="permitAll" />
    		<security:intercept-url pattern="/api/**"
    			access="isAuthenticated()" />
    	</security:http>
    
    	<bean id="CustomAuthenticationEntryPoint" class="foo.api.CustomAuthenticationEntryPoint" />
    
    	<bean class="foo.api.AuthenticationTokenProcessingFilter" id="authenticationTokenProcessingFilter">
    		<constructor-arg ref="authenticationManager" />
    	</bean>
    
    	<security:authentication-manager
    		erase-credentials="true" id="defaultSecurityManager">
    		<security:authentication-provider
    			user-service-ref="userService" />
    	</security:authentication-manager>
    
    	<security:authentication-manager
    		erase-credentials="true" id="authenticationManager">
    		<security:authentication-provider
    			user-service-ref="userService" />
    	</security:authentication-manager>
    </beans>
    Last edited by jordanbaucke; Jan 22nd, 2013, 02:38 PM.

  • #2
    First, I think you have to define a unique id for each of your authentication managers. Then, refer to the corresponding authentication manager that you want to use for a specific http element like this:

    <security:http pattern="/api/**" authentication-manager-ref="authManagerA" .... >
    <security:http pattern="/" authentication-manager-ref="authManagerB" .... >

    Comment


    • #3
      Originally posted by bojon
      First, I think you have to define a unique id for each of your authentication managers. Then, refer to the corresponding authentication manager that you want to use for a specific http element like this:

      <security:http pattern="/api/**" authentication-manager-ref="authManagerA" .... >
      <security:http pattern="/" authentication-manager-ref="authManagerB" .... >
      Ok, I've updated my configuration (see original post) - no change in the results; the default security filter still doesn't work. Same error message.

      Comment


      • #4
        Just noticed something seems to be wrong with the pattern="/"? Should it be pattern="/**" instead?

        Comment


        • #5
          If you want to match on everything it should be /**. However, you will need to ensure that the <http pattern="/**" is last since each <http> element is considered in order. Placing /** first will produce an error since /api/** will never be reached.

          Comment
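
The ordering advice from posts #4 and #5 applied to the configuration in the original post, as an added example that is not part of the thread or any poster's own code: the `/api/**` chain is declared first, and the catch-all chain uses `pattern="/**"` and comes last. Bean ids and class names are the ones on the page; `userService` is assumed to be defined elsewhere, as in the original.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

	<security:global-method-security secured-annotations="enabled" />

	<!-- 1. Most specific chain first: stateless token authentication for the API. -->
	<security:http pattern="/api/**" authentication-manager-ref="authenticationManager"
		realm="Protected API" use-expressions="true" auto-config="false"
		create-session="stateless" entry-point-ref="CustomAuthenticationEntryPoint">
		<security:custom-filter ref="authenticationTokenProcessingFilter"
			position="FORM_LOGIN_FILTER" />
		<security:intercept-url pattern="/api/authenticate" access="permitAll" />
		<security:intercept-url pattern="/api/**" access="isAuthenticated()" />
	</security:http>

	<!-- 2. Catch-all chain last. pattern="/" would match only the root URL,
	     leaving every other non-API request with no security filter chain. -->
	<security:http pattern="/**" authentication-manager-ref="defaultSecurityManager"
		auto-config="true" disable-url-rewriting="true" use-expressions="true">
		<security:logout logout-url="/logout" />
		<security:intercept-url pattern="/" access="permitAll" />
		<security:intercept-url pattern="/**" access="isAuthenticated()" />
	</security:http>

	<bean id="CustomAuthenticationEntryPoint" class="foo.api.CustomAuthenticationEntryPoint" />
	<bean id="authenticationTokenProcessingFilter" class="foo.api.AuthenticationTokenProcessingFilter">
		<constructor-arg ref="authenticationManager" />
	</bean>

	<!-- Both managers delegate to the same userService bean (assumed defined elsewhere). -->
	<security:authentication-manager erase-credentials="true" id="defaultSecurityManager">
		<security:authentication-provider user-service-ref="userService" />
	</security:authentication-manager>
	<security:authentication-manager erase-credentials="true" id="authenticationManager">
		<security:authentication-provider user-service-ref="userService" />
	</security:authentication-manager>
</beans>
```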
