Announcement Announcement Module
No announcement yet.
having multiple "http" blocks (each with different entry point...) Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • having multiple "http" blocks (each with different entry point...)

    hi experts,

    something that is not cleared to me... what is the meaning of having 2 blocks of "http" in my XML? (threads, etc...)
    suppose each one of them has its own "entry point" - what is the meaning and what is the impact on the application itself? how does spring handle couple of "entry points"?
    and if each one of them has it own "authentication-manager"?
    what spring does "behind the scenes"?

    just an example (oauth) - but this question is realted for every other implementation.

        <security:http pattern="/oauth/token"  authentication-manager-ref="clientAuthenticationManager">
            <security:intercept-url pattern="/oauth/token" access="ROLE_CLIENT" requires-channel="https"/>
            <security:anonymous enabled="false" />
            <security:http-basic />
        <security:http auto-config="true" authentication-manager-ref="usersAuthManager">
    		<security:intercept-url pattern="/publicKey" access="IS_AUTHENTICATED_ANONYMOUSLY" />
            <security:intercept-url pattern="/oauth/**"	access="ROLE_USER"  requires-channel="https" />
    		<security:intercept-url pattern="/**" access="ROLE_ADMIN"   requires-channel="https" />
            <security:anonymous enabled="false"/>

  • #2
    Each <http> blocks are used only if their pattern is matched. If there is no pattern the default pattern of match everything is used. The impact is that each AuthenticationEntryPoint (i.e. what to do if authentication is required and the user has not yet authenticated) is only used when it matches the pattern on the corresponding <http> block.