Menu
I am learning spring security these days. I need to know if we can achieve two-step login with spring security whereas both the logins are performed by two different custom authentication providers.
for example, User access a protected resource and gets redirected to a first page. this page ask for user id and other personal attribute. Once this page is submitted, then user is redirected to another page which asks for user id and password.
In short, protected resource must be accessible only if both the login pages evaluated successfully.
423
asked Jan 25 '26 10:01
A quite inventive is described on the following site
http://altfatterz.blogspot.de/2014/02/two-factor-authentication-with-spring.html
It boils down to implement the first authentication step using spring security with authority ROLE_STEPONE. And implement the second authentication step using Spring MVC in a separate controller. The controller then regenerates the Authentication object with an extra user authority. (e.g. ROLE_STEPTWO)
You can protect the pages then with the ROLE_STEPONE and ROLE_STEPTWO roles.
77
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
