具有多个登录页面的Spring Security [英] Spring security with multiple login pages
问题描述
我正在使用Spring安全性来保护使用用户名和密码登录到应用程序管理员部分.但是现在我的客户需要为应用程序客户部分提供另一个登录屏幕,在该屏幕上,他们将拥有自己的用户名/密码来登录客户部分.到目前为止,我已经使用以下spring-security.xml设置成功实现了admin部分登录:
I am using Spring security to secure login to the application admin section with a username and password. But now my client need to have another login screen for the application clients section, where they will have their own usernames / passwords to login to the clients section. So far I've already implemented the admin section login successfully with the following spring-security.xml settings:
<security:http auto-config="true" use-expressions="true">
<security:form-login login-page="/login"
default-target-url="/admin/dashboard" always-use-default-target="true"
authentication-failure-url="/login/admin?error_msg=wrong username or password" />
<security:intercept-url pattern="/admin/*" access="hasRole('ROLE_ADMIN')" />
<security:logout logout-success-url="/login"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="adminServiceImpl">
</security:authentication-provider>
</security:authentication-manager>
我在网上进行了大量搜索,试图找到如何添加客户端部分登录屏幕,拦截URL,安全身份验证提供程序,但找不到任何信息,所以有人可以帮助我吗链接到任何教程/示例,如何进行操作的指南?
I've searched the web a lot trying to find how I can add the client section login screen, intercept-url(s), security authentication provider but couldn't find any info, so can someone please help me with any link to any tutorial / example, guide on how to do so?
谢谢
推荐答案
根据
从Spring Security 3.1开始,现在可以使用多个http
为以下元素定义单独的安全筛选器链配置的元素
不同的请求模式.如果从中省略了pattern属性
一个http元素,它匹配所有请求.
From Spring Security 3.1 it is now possible to use multiple http
elements to define separate security filter chain configurations for
different request patterns. If the pattern attribute is omitted from
an http element, it matches all requests. 每个元素都会在内部FilterChainProxy和应映射到其的URL模式内创建一个过滤器链.元素将按照声明的顺序添加,因此必须再次声明最特定的模式. Each element creates a filter chain within the internal FilterChainProxy and the URL pattern that should be mapped to it. The elements will be added in the order they are declared, so the most specific patterns must again be declared first. 因此,从本质上讲,您需要两个 So, essentially you need two 此处有详细的教程:
查看全文
<http> 元素,每个元素具有不同的pattern属性.<http> elements each with a different pattern attribute.
