Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
269 views
in Technique[技术] by (71.8m points)

java - Two realms in same application with Spring Security?

We're building a web application that is available to both authenticated and anonymous users. If you decide not to register/login you only have a limited set of features. User authentication is done over OpenID with Spring Security. That works fine.

However, the application also comes with an admin UI that is deployed at <host>/<context-root>/admin. Can we have two separate realms with Spring Security (e.g. basic auth for /admin/**)? How does that have to be configured?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Spring Security has added support for this scenario in version 3.1, which is currently available as a Release Candidate. It was implemented by SEC-1171 and details of the syntax are in the manual included with 3.1.

However it's pretty simple to use. Basically you just define multiple http elements in your Spring Security configuration, one for each realm. We're using it like this:

<!-- Configure realm for system administration users -->
<security:http pattern="/admin/**" create-session="stateless">
    <security:intercept-url pattern='/**' access='ROLE_ADMIN' requires-channel="https" />
    <security:http-basic/>  
</security:http>


<!-- Configure realm for standard users -->
<security:http auto-config="true" access-denied-page="/error/noaccess" use-expressions="true" create-session="ifRequired">
    <security:form-login login-page="/login"
            ...
            ...
</security:http>

The key thing to note is the pattern="/admin/**" on the first http element. This tells Spring that all URLs under /admin are subject to that realm instead of the default realm — and thus URLs under /admin use basic authentication instead.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...