Announcement Announcement Module
No announcement yet.
Can i put 3 different authentication schemes in same spring security configuration ? Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can i put 3 different authentication schemes in same spring security configuration ?

    Hi, My requirement is to provide:

    Userid password based authentication.
    Open id based authentication
    Url based authentication (its a custom sso impl we have)
    in the same project.

    I have tried to plug in Spring security into an existing project as (code stripped down for simplicity):

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns=""
    	<http auto-config="false">
    		<remember-me user-service-ref="rememberMeUserService" key="some custom key" /> <!-- TODO: Key made for testing reasons.... -->
    		<intercept-url pattern='/mainApplication/Main screen.html' access="ROLE_ADMIN"/>
    		<intercept-url pattern='/**' filters="none"/> <!-- Allow entry to login screen -->
    		<openid-login authentication-failure-url="/Login.html?error=true" default-target-url="/mainApplication/Main screen.html" user-service-ref="openIdUserService"/>
    		<form-login login-page="/Login.html" authentication-failure-url="/Login.html?error=true" always-use-default-target="true" default-target-url="/mainApplication/Main screen.html"/>
    	<beans:bean id="rememberMeUserService" class="mypackage.CustomUserService">
    	<!-- Common login shared entry-point for both Form and OpenID based logins -->	
    	<beans:bean id="entryPoint" class="">
    		<beans:property name="loginFormUrl" value="/Login.html" />
    	<authentication-manager alias="authenticationManager"/>
    	<beans:bean id="MyCustomAuthenticationProvider" class="mypackage.CustomAuthenticationProvider">
    		<custom-authentication-provider />
    	<beans:bean id="openIdAuthenticationProvider" class="">
    		<custom-authentication-provider />
    		<beans:property name="userDetailsService" ref="openIdUserService"/>
    	<beans:bean id="openIdUserService" class="mypackage.OpenIDUserDetailsService"></beans:bean> 
    	<!-- Great, now i want to include SSO based sign on -->
    	<!-- need to intercept a url of the form :   /myApp/customLogin/<key> where <key> is my token key   -->
    as mentioned above, i need to track a url of the form : /myApp/customLogin/12345 where 1235 is the token key, we were initially using (code stripped down for simplicity)

    What should i do here to enable spring security to help me manage this third authentication scheme ?

    a corollary question is : can i have many authentication providers in the same project ? if yes, then how can they be matched to different functionalities (eg one providing url based authentication, one providing anonomous auth, etc) ?

  • #2
    for ref, i have posted the same question at