Question
Is it possible to have two UserDetailsService implementations in a single web application? To be more precise, my requirement is that I have a Servlet which listens to HTTP POST requests which need to be authenticated against one type of user (let's say UserType 1). The HTTP POST request contains some fields that I could use to authenticate the user (user id and some hash string). Upon successful authentication the user is again forwarded to another login page where authentication happens again; this time the user type is UserType 2. Here,
UserType 1 and UserType 2 have two separate principals and credentials. I need the HTTP POST request parameters to flow to the session of UserType 2 (i.e. session 2).
Session 2 should survive till session 1 is destroyed.
I also guess I need to have two authentication entry points as well?
My gut feeling is that this is not possible (I wish I were wrong)!
Any clarifications or ideas regarding this?
Answer 1:
I am not sure how nested authentication may be implemented with Spring Security. But you can have two separate UserDetailsService implementations. Consider the case when you have two types of URLs, /** and /admin/**, and they can be used by two separate groups of users. Starting from Spring Security 3.1 you can use multiple http tags (see the corresponding documentation):
<!-- Declared first so that /admin/** is matched before the catch-all block below -->
<http pattern="/admin/**" authentication-manager-ref="adminAuthenticationManager">
    <intercept-url pattern="/**" access="ROLE_ADMIN" />
    ...
</http>
<authentication-manager id="adminAuthenticationManager">
    <authentication-provider user-service-ref="adminUserDetailsService"/>
</authentication-manager>
<bean id="adminUserDetailsService" class="com.mucompany.security.AdminUserDetailsService"/>
<!-- No pattern, so everything will be matched -->
<http authentication-manager-ref="userAuthenticationManager">
    <intercept-url pattern="/**" access="ROLE_USER" />
    ...
</http>
<authentication-manager id="userAuthenticationManager">
    <authentication-provider user-service-ref="publicUserDetailsService"/>
</authentication-manager>
<bean id="publicUserDetailsService" class="com.mucompany.security.PublicUserDetailsService"/>
You can even declare different entry points for each http tag using the entry-point-ref attribute.
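A fuller form of the two-chain configuration described in the answer, as an added example that is not part of the original answer or of the Spring Security documentation. The login, login-processing, failure and logout paths are assumptions chosen for illustration; the class names are the ones used above. It shows the detail that most often breaks this setup: each chain's own login and logout URLs must fall inside the pattern that chain matches.

```xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- Chains are tried in declaration order, so the narrower /admin/** pattern comes first. -->
    <http pattern="/admin/**" authentication-manager-ref="adminAuthenticationManager">
        <!-- Assumed path: the login page must be reachable before authentication. -->
        <intercept-url pattern="/admin/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/**" access="ROLE_ADMIN"/>
        <!-- Processing and logout URLs are placed under /admin/**. The defaults
             (/j_spring_security_check, /j_spring_security_logout) do not match this
             chain's pattern, so they would be handled by the catch-all chain and
             checked against the public user store. -->
        <form-login login-page="/admin/login"
                    login-processing-url="/admin/j_spring_security_check"
                    authentication-failure-url="/admin/login?error"/>
        <logout logout-url="/admin/logout"/>
    </http>

    <authentication-manager id="adminAuthenticationManager">
        <authentication-provider user-service-ref="adminUserDetailsService"/>
    </authentication-manager>
    <beans:bean id="adminUserDetailsService"
                class="com.mucompany.security.AdminUserDetailsService"/>

    <!-- No pattern: catch-all chain for every request the admin chain did not match. -->
    <http authentication-manager-ref="userAuthenticationManager">
        <intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/**" access="ROLE_USER"/>
        <form-login login-page="/login" authentication-failure-url="/login?error"/>
        <logout/>
    </http>

    <authentication-manager id="userAuthenticationManager">
        <authentication-provider user-service-ref="publicUserDetailsService"/>
    </authentication-manager>
    <beans:bean id="publicUserDetailsService"
                class="com.mucompany.security.PublicUserDetailsService"/>
</beans:beans>
```

By default both chains keep the SecurityContext in the same HTTP session, so logging in through one chain replaces the Authentication established by the other rather than nesting inside it.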
Source: https://stackoverflow.com/questions/18040298/two-separate-userdetailsservice-implementations