Announcement Announcement Module
No announcement yet.
Access a controller before authentication Spring Security Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Access a controller before authentication Spring Security

    I've been trying to implement a solution for multiple login pages. I currently have a unique LoginController, and all it does is to retrieve the login jsp when somebody request /app_name/login.htm. I want that to stay that way, but also add two more locations: /app_name/customers/login.htm and /app_name/employees/login.htm each one with an individual controller CustomerLoginController and EmployeeLoginController.

    So my idea is that employees access through their URL and customer using theirs, but if someone try to access the old login.htm the controller redirects him/her to their respective login using an stored cookie and customer as default.

    To me it sounds good, but when I tried to access /app_name/customers/login.htm or /app_name/employees/login.htm it just redirects me to login.htm when I'm not authenticated.

    I really don't know why it's not resolving them. Any opinion, suggestion, guide, tutorial, example code or link would be helpful.

    The project I'm working on has this configs


    <!-- Spring Security -->

    <!-- Controllers Mapping -->
    <context:component-scan base-package="">
        <context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/>

    <sec:http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint" access-denied-page="/warning/accessDenied.htm" >
        <sec:intercept-url pattern="/employees/login.htm" filters="none" />
        <sec:intercept-url pattern="/customers/login.htm" filters="none" />
        <sec:intercept-url pattern="/login**" filters="none" />
    <bean id="authenticationProcessingFilterEntryPoint" class="">
        <property name="loginFormUrl" value="/login.htm" />
        <property name="forceHttps" value="false" />
    <bean id="authenticationProcessingFilter" class="">
        <property name="authenticationFailureUrl" value="/login.htm?login_error=1"/>
        <property name="defaultTargetUrl" value="/home.htm"/>
        <property name="alwaysUseDefaultTargetUrl" value="true"/>
        <property name="filterProcessesUrl" value="/j_spring_security_check"/>
    PD: using Spring 2.5.4 and Spring Security 2.0.4 -_- I Know, but is a fairly sized project and it's been in production for a while