Announcement Announcement Module
Collapse
No announcement yet.
Can i put 3 different authentication schemes in same spring security configuration ? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can i put 3 different authentication schemes in same spring security configuration ?

    Hi, My requirement is to provide:

    Userid password based authentication.
    Open id based authentication
    Url based authentication (its a custom sso impl we have)
    in the same project.

    I have tried to plug in Spring security into an existing project as (code stripped down for simplicity):

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    	xmlns:beans="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
    	http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
    	http://www.springframework.org/schema/security
    	http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
    	
    	<http auto-config="false">
    		<remember-me user-service-ref="rememberMeUserService" key="some custom key" /> <!-- TODO: Key made for testing reasons.... -->
    		<intercept-url pattern='/mainApplication/Main screen.html' access="ROLE_ADMIN"/>
    		<intercept-url pattern='/**' filters="none"/> <!-- Allow entry to login screen -->
    		<openid-login authentication-failure-url="/Login.html?error=true" default-target-url="/mainApplication/Main screen.html" user-service-ref="openIdUserService"/>
    		<form-login login-page="/Login.html" authentication-failure-url="/Login.html?error=true" always-use-default-target="true" default-target-url="/mainApplication/Main screen.html"/>
    	</http>
    	
    	<beans:bean id="rememberMeUserService" class="mypackage.CustomUserService">
    	</beans:bean>
    	
    	<!-- Common login shared entry-point for both Form and OpenID based logins -->	
    	<beans:bean id="entryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    		<beans:property name="loginFormUrl" value="/Login.html" />
    	</beans:bean>
    	
    	<authentication-manager alias="authenticationManager"/>
    	
    	<beans:bean id="MyCustomAuthenticationProvider" class="mypackage.CustomAuthenticationProvider">
    		<custom-authentication-provider />
    	</beans:bean>
    	
    	<beans:bean id="openIdAuthenticationProvider" class="org.springframework.security.providers.openid.OpenIDAuthenticationProvider">
    		<custom-authentication-provider />
    		<beans:property name="userDetailsService" ref="openIdUserService"/>
    	</beans:bean>
    	
    	<beans:bean id="openIdUserService" class="mypackage.OpenIDUserDetailsService"></beans:bean> 
    		
    	<!-- Great, now i want to include SSO based sign on -->
    	<!-- need to intercept a url of the form :   /myApp/customLogin/<key> where <key> is my token key   -->
    </beans:beans>
    as mentioned above, i need to track a url of the form : /myApp/customLogin/12345 where 1235 is the token key, we were initially using (code stripped down for simplicity)

    Code:
    <servlet-mapping>
    	<servlet-name>mySSOCapture</servlet-name>
    	<url-pattern>/myApp/*</url-pattern></servlet-mapping><servlet-mapping>
    	<servlet-name>MyServlet</servlet-name>
    	<url-pattern>/MyServlet</url-pattern>
    </servlet-mapping>
    What should i do here to enable spring security to help me manage this third authentication scheme ?

    a corollary question is : can i have many authentication providers in the same project ? if yes, then how can they be matched to different functionalities (eg one providing url based authentication, one providing anonomous auth, etc) ?

  • #2
    for ref, i have posted the same question at http://stackoverflow.com/questions/1...y-configuratio

    Comment

    Working...
    X