Announcement Announcement Module
Collapse
No announcement yet.
Access a controller before authentication Spring Security Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Access a controller before authentication Spring Security

    I've been trying to implement a solution for multiple login pages. I currently have a unique LoginController, and all it does is to retrieve the login jsp when somebody request /app_name/login.htm. I want that to stay that way, but also add two more locations: /app_name/customers/login.htm and /app_name/employees/login.htm each one with an individual controller CustomerLoginController and EmployeeLoginController.

    So my idea is that employees access through their URL and customer using theirs, but if someone try to access the old login.htm the controller redirects him/her to their respective login using an stored cookie and customer as default.

    To me it sounds good, but when I tried to access /app_name/customers/login.htm or /app_name/employees/login.htm it just redirects me to login.htm when I'm not authenticated.

    I really don't know why it's not resolving them. Any opinion, suggestion, guide, tutorial, example code or link would be helpful.

    The project I'm working on has this configs

    Web.xml

    Code:
    <!-- Spring Security -->
    <filter>
      <filter-name>springSecurityFilterChain</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    
    <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
    servlet-config.xml

    Code:
    <!-- Controllers Mapping -->
    <context:component-scan base-package="com.company.project.controllers">
        <context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
    </context:component-scan>
    security-context.xml

    Code:
    <sec:http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint" access-denied-page="/warning/accessDenied.htm" >
        <sec:intercept-url pattern="/employees/login.htm" filters="none" />
        <sec:intercept-url pattern="/customers/login.htm" filters="none" />
        <sec:intercept-url pattern="/login**" filters="none" />
    </sec:http>
    <bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl" value="/login.htm" />
        <property name="forceHttps" value="false" />
    </bean>
    <bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationFailureUrl" value="/login.htm?login_error=1"/>
        <property name="defaultTargetUrl" value="/home.htm"/>
        <property name="alwaysUseDefaultTargetUrl" value="true"/>
        <property name="filterProcessesUrl" value="/j_spring_security_check"/>
    </bean>
    PD: using Spring 2.5.4 and Spring Security 2.0.4 -_- I Know, but is a fairly sized project and it's been in production for a while
Working...
X