
  • Multiple login pages and authentication

    Hi, I'm new to Acegi and need help implementing a webapp that requires two login pages and authentication: one for users and another for administrators. I've tried using the FilterChainProxy bean to chain in different AuthenticationProcessingFilters and ExceptionTranslationFilters based on the URL but have come across a stumbling block. Although the application renders the correct login page, it fails with an HTTP 404 error stating that the j_acegi_security_check or j_acegi_security_check_admin resources are not available.

    Below is the config that I'm using

    web.xml

    Code:
    	<!-- Install the Acegi filter -->
    	<filter>
    	  <filter-name>Acegi Filter Chain Proxy</filter-name>
    	  <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
    	  <init-param>
    		<param-name>targetClass</param-name>
    		<param-value>org.acegisecurity.util.FilterChainProxy</param-value>
    	  </init-param>
    	</filter>
    
    	
    	<filter-mapping>
    	  <filter-name>Acegi Filter Chain Proxy</filter-name>
    	  <url-pattern>/*</url-pattern>
    	</filter-mapping>
    
    </web-app>
    and

    applicationContext-acegi-security.xml

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
    
    
    <beans>
    
    	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
    		<property name="filterInvocationDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/admin/**=adminAuthenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,adminExceptionTranslationFilter,filterInvocationInterceptor
    				/student/**=authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
    			</value>
    		</property>
    	</bean>
    
    	<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
    
    	<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
    		<constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
    		<constructor-arg>
    			<list>
    				<ref bean="rememberMeServices"/>
    				<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
    			</list>
    		</constructor-arg>
    	</bean>
    
    	<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    		<property name="authenticationManager" ref="authenticationManager"/>
    		<property name="authenticationFailureUrl" value="/login.jsp?login_error=1"/>
    		<property name="defaultTargetUrl" value="/"/>
    		<property name="filterProcessesUrl" value="/j_acegi_security_check"/>
    		<property name="rememberMeServices" ref="rememberMeServices"/>
    	</bean>
    	
    	<bean id="adminAuthenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    		<property name="authenticationManager" ref="authenticationManager"/>
    		<property name="authenticationFailureUrl" value="/adminlogin.jsp?login_error=1"/>
    		<property name="defaultTargetUrl" value="/admin/home.jsp"/>
    		<property name="filterProcessesUrl" value="/admin/j_acegi_security_check_admin"/>
    		<property name="rememberMeServices" ref="rememberMeServices"/>
    	</bean>	
       
    	<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
    
    	<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
    		<property name="authenticationManager" ref="authenticationManager"/>
    		<property name="rememberMeServices" ref="rememberMeServices"/>
    	</bean>
    
    	<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
    		<property name="key" value="changeThis"/>
    		<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
    	</bean>
    
    	<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
    		<property name="authenticationEntryPoint">
    			<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    				<property name="loginFormUrl" value="/login.jsp"/>
    				<property name="forceHttps" value="false"/>
    			</bean>
    		</property>
    		<property name="accessDeniedHandler">
    			<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
    				<property name="errorPage" value="/accessDenied.jsp"/>
    			</bean>
    		</property>
    	</bean>
    	
    	<bean id="adminExceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
    		<property name="authenticationEntryPoint">
    			<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    				<property name="loginFormUrl" value="/adminlogin.jsp"/>
    				<property name="forceHttps" value="false"/>
    			</bean>
    		</property>
    		<property name="accessDeniedHandler">
    			<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
    				<property name="errorPage" value="/accessDenied.jsp"/>
    			</bean>
    		</property>
    	</bean>	
    
    	<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    		<property name="authenticationManager" ref="authenticationManager"/>
    		<property name="accessDecisionManager">
    			<bean class="org.acegisecurity.vote.AffirmativeBased">
    				<property name="allowIfAllAbstainDecisions" value="false"/>
    				<property name="decisionVoters">
    					<list>
    						<bean class="org.acegisecurity.vote.RoleVoter"/>
    						<bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
    					</list>
    				</property>
    			</bean>
    		</property>
    		<property name="objectDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/images/**=IS_AUTHENTICATED_ANONYMOUSLY	
    				/student/**=ROLE_USER	
    				/admin/**=ROLE_SUPERVISOR
    			</value>
    		</property>
    	</bean>
    
    	
    	<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
    		<property name="userDetailsService" ref="userDetailsService"/>
    		<property name="key" value="changeThis"/>
    	</bean>
    
    	<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
    		<property name="providers">
    			<list>
    				<ref local="daoAuthenticationProvider"/>
    				<ref local="adminDaoAuthenticationProvider"/>
    				<bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
    					<property name="key" value="changeThis"/>
    				</bean>
    				<bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
    					<property name="key" value="changeThis"/>
    				</bean>
    			</list>
    		</property>
    	</bean>
    
    	<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    		<property name="userDetailsService" ref="userDetailsService"/>
    		<property name="userCache">
    			<bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
    				<property name="cache">
    					<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
    						<property name="cacheManager">
    							<bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
    						</property>
    						<property name="cacheName" value="userCache"/>
    					</bean>
    				</property>
    			</bean>
    		</property>
    	</bean>
    
    	<!-- UserDetailsService is the Acegi Security interface most commonly implemented by end users -->
    	<bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
    		<property name="userProperties">
    			<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
    				<property name="location" value="/WEB-INF/users.properties"/>
    			</bean>
    		</property>
    	</bean>
    	
    	<bean id="adminDaoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    		<property name="userDetailsService" ref="adminUserDetailsService"/>
    		<property name="userCache">
    			<bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
    				<property name="cache">
    					<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
    						<property name="cacheManager">
    							<bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
    						</property>
    						<property name="cacheName" value="userCache"/>
    					</bean>
    				</property>
    			</bean>
    		</property>
    	</bean>
    		
    	<!-- UserDetailsService is the Acegi Security interface most commonly implemented by end users -->
    	<bean id="adminUserDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
    		<property name="userProperties">
    			<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
    				<property name="location" value="/WEB-INF/users.properties"/>
    			</bean>
    		</property>
    	</bean>	
    
    	<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
    	<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
    
    </beans>

    Does anyone know what I am doing wrong or of another approach to solving this problem?

    Thanks in advance

  • #2
    Giving a bump on this post because I'm trying to do the same thing here. I need a different login page for admin and for normal users.



    • #3
      problem solved

      Actually I've managed to fix the problem with my webapp. The filterProcessesUrl needs to point to the domain plus the security check string e.g. /admin/j_acegi_security_check_admin

      Below are the changes that I made to the applicationContext-acegi-security.xml file (web.xml is the same)

      Code:
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
      
      
      <beans>
      
       <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
         <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /admin/**=httpSessionContextIntegrationFilter,adminAuthenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,adminExceptionTranslationFilter,filterInvocationInterceptor
          /student/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
         </value>
        </property>
       </bean>
      
       <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
      
       <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl" value="/loginError.jsp"/>
        <property name="defaultTargetUrl" value="/"/>
        <property name="filterProcessesUrl" value="/student/j_acegi_security_check"/>
       </bean>
       
       <bean id="adminAuthenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl" value="/adminLoginError.jsp"/>
        <property name="defaultTargetUrl" value="/admin/home.jsp"/>
        <property name="filterProcessesUrl" value="/admin/j_acegi_security_check_admin"/>
       </bean> 
         
       <bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
      
      
       <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
        <property name="key" value="changeThis"/>
        <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
       </bean>
      
       <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint">
         <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
          <property name="loginFormUrl" value="/login.jsp"/>
          <property name="forceHttps" value="false"/>
         </bean>
        </property>
        <property name="accessDeniedHandler">
         <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
          <property name="errorPage" value="/accessDenied.jsp"/>
         </bean>
        </property>
       </bean>
       
       <bean id="adminExceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint">
         <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
          <property name="loginFormUrl" value="/adminLogin.jsp"/>
          <property name="forceHttps" value="false"/>
         </bean>
        </property>
        <property name="accessDeniedHandler">
         <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
          <property name="errorPage" value="/accessDenied.jsp"/>
         </bean>
        </property>
       </bean> 
      
       <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="accessDecisionManager">
         <bean class="org.acegisecurity.vote.AffirmativeBased">
          <property name="allowIfAllAbstainDecisions" value="false"/>
          <property name="decisionVoters">
           <list>
            <bean class="org.acegisecurity.vote.RoleVoter"/>
            <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
           </list>
          </property>
         </bean>
        </property>
        <property name="objectDefinitionSource">
         <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /login.jsp=IS_AUTHENTICATED_ANONYMOUSLY
          /loginerror.jsp=IS_AUTHENTICATED_ANONYMOUSLY
          /logout.jsp=IS_AUTHENTICATED_ANONYMOUSLY
          /adminlogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY
          /adminloginerror.jsp=IS_AUTHENTICATED_ANONYMOUSLY
          /adminlogout.jsp=IS_AUTHENTICATED_ANONYMOUSLY
          /images/**=IS_AUTHENTICATED_ANONYMOUSLY 
          /student/**=ROLE_USER 
          /admin/**=ROLE_SUPERVISOR
         </value>
        </property>
       </bean>
      
       <!--
       <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="userDetailsService"/>
        <property name="key" value="changeThis"/>
       </bean>
       -->
       
       <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
        <property name="providers">
         <list>
          <ref local="daoAuthenticationProvider"/>
          <ref local="adminDaoAuthenticationProvider"/>
          <ref local="ldapAuthenticationProvider"/>
          <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
           <property name="key" value="changeThis"/>
          </bean>
          <bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
           <property name="key" value="changeThis"/>
          </bean>
         </list>
        </property>
       </bean>
      
       <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="jdbcDaoImpl"/>
        <property name="userCache">
         <bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
          <property name="cache">
           <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
            <property name="cacheManager">
             <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
            </property>
            <property name="cacheName" value="userCache"/>
           </bean>
          </property>
         </bean>
        </property>
       </bean>
      
       <bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
         <property name="dataSource"><ref bean="dataSource"/></property>
         <property name="usersByUsernameQuery"><value>SELECT login_id,login_id,1 FROM student WHERE login_id = ?</value></property>
         <property name="authoritiesByUsernameQuery"><value>SELECT login_id,'ROLE_USER' FROM student WHERE login_id = ?</value></property>
       </bean> 
         
       <!-- UserDetailsService is the Acegi Security interface most commonly implemented by end users -->
       <bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
        <property name="userProperties">
         <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
          <property name="location" value="/WEB-INF/users.properties"/>
         </bean>
        </property>
       </bean>
       
       <bean id="adminDaoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="adminUserDetailsService"/>
        <property name="userCache">
         <bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
          <property name="cache">
           <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
            <property name="cacheManager">
             <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
            </property>
            <property name="cacheName" value="userCache"/>
           </bean>
          </property>
         </bean>
        </property>
       </bean>
        
       <!-- UserDetailsService is the Acegi Security interface most commonly implemented by end users -->
       <bean id="adminUserDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
        <property name="userProperties">
         <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
          <property name="location" value="/WEB-INF/users.properties"/>
         </bean>
        </property>
       </bean> 
       
      
      
      
       <!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
       <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
      
      </beans>

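As an added example (not part of the thread and not Acegi's own code), this Python check reproduces the cause of the 404 in post #1 and the fix in post #3: each `filterProcessesUrl` must fall under a `FilterChainProxy` pattern whose chain contains that filter. `sample()`, `BEFORE` and `AFTER` are constructed, trimmed-down configs in the shape of the posted ones, and the Ant matcher is a simplified stand-in.

```python
import re
import xml.etree.ElementTree as ET

AUTH_FILTER = "org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"
SESSION_FILTER = "org.acegisecurity.context.HttpSessionContextIntegrationFilter"

def ant_to_regex(pattern):
    """Simplified Ant-path translation (handles trailing /**, **, * and ?)."""
    tail = ""
    if pattern.endswith("/**"):  # /admin/** also covers /admin itself
        pattern, tail = pattern[:-3], "(/.*)?"
    body = re.escape(pattern).replace(r"\*\*", ".*").replace(r"\*", "[^/]*").replace(r"\?", "[^/]")
    return re.compile("^" + body + tail + "$")

def lint(xml_text):
    """Return findings for a bean file that defines a filterChainProxy bean."""
    beans = {b.get("id"): b for b in ET.fromstring(xml_text).findall("bean")}
    source = beans["filterChainProxy"].findtext("property[@name='filterInvocationDefinitionSource']/value")
    lines = [l.strip() for l in source.splitlines()]
    lower = "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON" in lines
    chains = [(p.strip(), [i.strip() for i in ids.split(",")])
              for p, ids in (l.split("=", 1) for l in lines if "=" in l)]
    findings = []
    for pattern, ids in chains:
        if not any(i in beans and beans[i].get("class") == SESSION_FILTER for i in ids):
            findings.append(f"{pattern}: no HttpSessionContextIntegrationFilter in chain")
    for bean_id, bean in beans.items():
        if bean.get("class") != AUTH_FILTER:
            continue
        node = bean.find("property[@name='filterProcessesUrl']")
        url = node.get("value") if node is not None else "/j_acegi_security_check"
        probe = url.lower() if lower else url
        # FilterChainProxy applies the first pattern that matches the request URL.
        hit = next((c for c in chains if ant_to_regex(c[0]).match(probe)), None)
        if hit is None:
            findings.append(f"{bean_id}: {url} matches no chain, so the login POST gets a 404")
        elif bean_id not in hit[1]:
            findings.append(f"{bean_id}: {url} falls under {hit[0]}, which omits this filter")
    return findings

def sample(chain_prefix, student_url):
    """Constructed, trimmed-down config in the shape of the ones posted above."""
    return f"""<beans>
 <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource"><value>
   CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
   PATTERN_TYPE_APACHE_ANT
   /admin/**={chain_prefix}adminAuthenticationProcessingFilter
   /student/**={chain_prefix}authenticationProcessingFilter
  </value></property>
 </bean>
 <bean id="httpSessionContextIntegrationFilter" class="{SESSION_FILTER}"/>
 <bean id="authenticationProcessingFilter" class="{AUTH_FILTER}">
  <property name="filterProcessesUrl" value="{student_url}"/>
 </bean>
 <bean id="adminAuthenticationProcessingFilter" class="{AUTH_FILTER}">
  <property name="filterProcessesUrl" value="/admin/j_acegi_security_check_admin"/>
 </bean>
</beans>"""

BEFORE = sample("", "/j_acegi_security_check")
AFTER = sample("httpSessionContextIntegrationFilter,", "/student/j_acegi_security_check")

if __name__ == "__main__":
    print("\n".join(lint(BEFORE)) or "no findings")
```
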


      • #4
        My problem is a bit different. I need to know where the user is logging in from. So, if it is from loginAdmin.jsp, or /j_acegy_security_check_admin was intercepted, the user must have admin role.

        The opposite is also true. If the user has admin role, he cannot log in from login.jsp.

        What I'm doing is implementing my own AuthenticationProcessingFilter, which has the user details and the httpRequest. Any other better idea?

        thanks



        • #5
          Originally posted by icetbr
          My problem is a bit different. I need to know where the user is logging in from. So, if it is from loginAdmin.jsp, or /j_acegy_security_check_admin was intercepted, the user must have admin role.

          The opposite is also true. If the user has admin role, he cannot log in from login.jsp.

          What I'm doing is implementing my own AuthenticationProcessingFilter, which has the user details and the httpRequest. Any other better idea?

          thanks

          My solution does involve the admin user and the normal user having different roles. Also, the admin user is not able to log in from the normal users' login page and vice versa, because I'm using different authentication sources which are responsible for assigning the roles.



          • #6
            But you're using a different namespace for admin. I'm using the same. So, I NEED to know where the login is coming from.

            I've overridden AuthenticationProcessingFilter and it works fine, just wondering how I could do better.



            • #7
              Overriding AuthenticationProcessingFilter

              Hi I need similar functionality...so that I can log the user back out etc. to the correct area etc. Could you give an example of what you did?

              Thanks for any help,

              CMB.
