Announcement Announcement Module
Collapse
No announcement yet.
Different Logins, different login forms Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Different Logins, different login forms

    I've got this webapp that has 2 different entry points:
    - login 1 requires account id, username and password
    - login 2 requires only username and password

    What would I have to do to get this done?

  • #2
    Are all users coming from the same AuthenticationProvider (ie backend database)?

    This thread might give some ideas on how multiple authentication tokens can be used: http://forum.springframework.org/viewtopic.php?t=284.

    This thread might give some ideas on chaining authentication providers (basically you probably want to do that): http://forum.springframework.org/viewtopic.php?t=2729.

    Comment


    • #3
      I have same kind of situtation.

      - two restricted ares and a public area
      www.myapp.com
      www.myapp.com/users/
      www.myapp.com/admin/

      - two entry points to the restricted areas and two error pages

      www.myapp.com/login.jsp
      www.myapp.com/loginerror.jsp
      www.myapp.com/login2.jsp
      www.myapp.com/loginerror2.jsp

      - two database tables where user information is stored

      I could find instructions how to write custom code to authenticate but still have problems to define two entry points & error pages ???

      How this can be achieved?

      Comment


      • #4
        Is it really necessary to have this level of complexity in your app? Surely it would be easier to have a consolidated login page, and login error page, and a single AuthenticationEntryPoint. A delegating/custom AuthenticationDao or AuthenticationManager can be used to successively poll different backends until the user is located. Is the use of two login pages a symptom of having two different databases - does it really need to be preserved?

        Comment


        • #5
          Using two different databases is a customer requirement.

          Is it possible to forward client based on the role? If I would use
          single login page www.myapp.com/login.jsp can I do something
          like:

          * if role == admin -> www.myapp.com/admin/
          * if role == user -> www.myapp.com/user/

          ???

          Comment


          • #6
            So does that mean if there are different logins it should be different webapps altogether?

            Comment


            • #7
              Originally posted by igeca
              Using two different databases is a customer requirement.

              Is it possible to forward client based on the role? If I would use
              single login page www.myapp.com/login.jsp can I do something
              like:

              * if role == admin -> www.myapp.com/admin/
              * if role == user -> www.myapp.com/user/
              Yes, this is possible. For example you can read the session variable defined by ACEGI_SECURITY_AUTHENTICATION_KEY to get the role and use it in your controller (depending on the framework you are using) to forward to the desired location.

              Philipp

              Comment


              • #8
                You should use the ContextHolder to obtain the current Authentication - never use HttpSession. Indeed the ACEGI_SECURITY_AUTHENTICATION_KEY attribute is removed in version 0.8.0 (coming soon) and replaced with storage of the Context as a whole.

                Regarding forwarding, if it's just a case of having a single login page but a different "login success" page, you could use the AbstractProcessingFilter.alwaysUseDefaultTargetUrl to redirect to a standard JSP which then uses the Acegi Security authz taglib to do the redirection based on role held by the user.

                Comment

                Working...
                X