Can Spring Security support multiple entry points?

2020-05-27 04:26发布

I mean need different:

  • Login URL
  • Login out url
  • session time url
  • authentication provider
  • error page
  • css

for different entry point.

Is this possible?

3条回答
Summer. ? 凉城
2楼-- · 2020-05-27 04:53

From 3.1.0 (which is currently beta) it will support multiple <http> elements in the namespace.

So short answer:

In 3.1.x yes.

In 3.0.5.RELEASE no.

Longer aswer:

Here is additional info, check the links in the comments also.


I had a similar problem once, since I had multiple entry points.

A good way IMO would be to make a new login page which decides which login page to redirect to or even calls the logic of the other entry points. Then you can point spring to the new page.

I'm pretty sure this can be done inside the filter chain, but I wouldn't recommend it since you will need a lot of manual coding and bean definitions. Generally I don't think 3.0.5 was designed for multiple entry points.

查看更多
劳资没心,怎么记你
3楼-- · 2020-05-27 04:58

With multiple <http../> elements, you can achieve most of what you want but the authentication manager is going to be common and that means authentication providers are going to be common. See the issue faced by @David Parks in the post Spring Security 3.1.0.RC1: With multiple elements why can I only register one authentication manager?.

You can see my answers to similar questions such as Configuring Spring Security 3.x to have multiple entry points and Authenticate user using external webservice in grails to develop custom code to execute entry point specific authentication providers. This can be implemented in 3.0.5 as well.

You can implement solution in 3.0.5 without multiple <http../> elements but you will be need to develop custom code to handle logout and error pages.

查看更多
贪生不怕死
4楼-- · 2020-05-27 05:07

There is org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint since 3.0.2. It might help.

查看更多
登录 后发表回答