
How can I configure Spring Security for multiple servlets?

I would like to use Spring Security in a Spring MVC application that consists of two modules -- a "frontend" and a management module. Both modules have their own dispatcher servlet (with different mappings) so they do have their own web context, but share the same root context.

The management module has its own authentication database and users should be able to log into the "frontend" and management module simultaneously with different credentials. Therefore I implemented two different UserDetailsServices.

I need two different AuthenticationManagers where both are responsible for different URLs, corresponding to the servlet mappings.

How can I configure such a setup? Is it possible using Java config?

Edit: until now I have the following configuration, which allows me to authorize users for the management module. The "frontend" module's authentication / authorization using the autowired frontendUserDetailsService is still missing.

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private PasswordEncoder passwordEncoder;
    @Autowired
    @Qualifier("frontend")
    private UserDetailsService frontendUserDetailsService;
    @Autowired
    @Qualifier("management")
    private UserDetailsService managementUserDetailsService;

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .userDetailsService(managementUserDetailsService)
                .passwordEncoder(passwordEncoder);
    }

    @Bean
    @Qualifier("management")
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .antMatcher("/manage/**")
            .authorizeRequests()
                .anyRequest()
                .hasRole("ADMIN")
                .and()
            .formLogin();
    }
}
Christian Rudolph asked Dec 19 '14 17:12


1 Answer

You should create a configuration that does a couple of things:

  1. Enable the security
  2. Enable security for the frontend
  3. Enable security for the backend

Basically those are 3 different parts of configuration which all require their respective @Configuration class.

Something like the following should work.

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig {

    @Configuration
    @Order(1)
    public static class FrontEndSecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Autowired
        private PasswordEncoder passwordEncoder;

        @Autowired
        @Qualifier("frontend")
        private UserDetailsService frontendUserDetailsService;

        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .userDetailsService(frontendUserDetailsService)
                    .passwordEncoder(passwordEncoder);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/frontend/**")
                .authorizeRequests()
                    .anyRequest()
                    .hasRole("USER")
                    .and()
                .formLogin();
        }
    }

    @Configuration
    @Order(2)
    public static class BackendSecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Autowired
        private PasswordEncoder passwordEncoder;

        @Autowired
        @Qualifier("management")
        private UserDetailsService managementUserDetailsService;

        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .userDetailsService(managementUserDetailsService)
                    .passwordEncoder(passwordEncoder);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/manage/**")
                .authorizeRequests()
                    .anyRequest()
                    .hasRole("ADMIN")
                    .and()
                .formLogin();
        }
    }
}

You probably need to tune the

M. Deinum answered Sep 20 '22 12:09
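An added example, not part of the question or the answer: the management chain from the answer, written with the same WebSecurityConfigurerAdapter API, with two changes that matter for the "simultaneous logins with different credentials" requirement. The login and logout URLs are moved under `/manage/**` (the defaults `/login` and `/logout` fall outside `antMatcher("/manage/**")`, so this chain's filters would never see them), and the SecurityContext is stored under its own session attribute so a frontend login in the same HTTP session does not overwrite the management authentication. The paths `/manage/login` and `/manage/logout`, the session key name, the top-level class name and the existence of a controller that renders the login page are assumptions; the frontend chain would mirror this with its own paths and key.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

@Configuration
@Order(2)
public class ManagementSecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Autowired
    private PasswordEncoder passwordEncoder;
    @Autowired
    @Qualifier("management")
    private UserDetailsService managementUserDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(managementUserDetailsService).passwordEncoder(passwordEncoder);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Both chains share one HttpSession. Keep this chain's SecurityContext under
        // its own attribute instead of the default key (key name is constructed).
        HttpSessionSecurityContextRepository contexts = new HttpSessionSecurityContextRepository();
        contexts.setSpringSecurityContextKey("MANAGEMENT_SECURITY_CONTEXT");

        http
            .antMatcher("/manage/**")
            .securityContext().securityContextRepository(contexts).and()
            .authorizeRequests().anyRequest().hasRole("ADMIN").and()
            .formLogin()
                // Assumed paths: both must match the antMatcher above.
                .loginPage("/manage/login")
                .loginProcessingUrl("/manage/login")
                .permitAll()
                .and()
            .logout()
                .logoutUrl("/manage/logout")
                .invalidateHttpSession(false); // keep the frontend login in the shared session
    }
}
```

With `invalidateHttpSession(false)` the logout handler still clears this chain's SecurityContext, so only the management login ends; anything else the application keeps in the session survives and needs its own cleanup if it is management-specific.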