Spring security with multiple login pages

Question

I am using Spring security to secure login to the application admin section with a username and password. But now my client need to have another login screen for the application clients section, where they will have their own usernames / passwords to login to the clients section. So far I've already implemented the admin section login successfully with the following spring-security.xml settings:

<security:http auto-config="true" use-expressions="true">
    <security:form-login login-page="/login"
        default-target-url="/admin/dashboard" always-use-default-target="true"
        authentication-failure-url="/login/admin?error_msg=wrong username or password" />
    <security:intercept-url pattern="/admin/*" access="hasRole('ROLE_ADMIN')" />        
    <security:logout logout-success-url="/login"/>
</security:http>

<security:authentication-manager>
    <security:authentication-provider
        user-service-ref="adminServiceImpl">
    </security:authentication-provider>
</security:authentication-manager>

I've searched the web a lot trying to find how I can add the client section login screen, intercept-url(s), security authentication provider but couldn't find any info, so can someone please help me with any link to any tutorial / example, guide on how to do so?

Thanks

Answer 1

Example project of Spring MVC App with multiple login forms.

Three types of pages Normal/Member/Admin. If you try to access member page you are brought to Member Login form. If you try to access admin page you go to the Admin Login form.

https://github.com/eric-mckinley/springmultihttploginforms

Done using the ant regex request matcher in the seucrity xml config file.

<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
                http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                http://www.springframework.org/schema/security
                http://www.springframework.org/schema/security/spring-security.xsd">

<global-method-security secured-annotations="enabled" />

<http name="member" pattern="/member/*" request-matcher="ant"   auto-config="true" use-expressions="false">
    <csrf disabled="true"/>

    <intercept-url pattern="/member/home" access="ROLE_MEMBER" />
    <intercept-url pattern="/member/account" access="ROLE_MEMBER" />
    <intercept-url pattern="/member/orders" access="ROLE_MEMBER" />

    <form-login login-page="/member-login" always-use-default-target="false"/>
    <logout logout-url="/logout" logout-success-url="/home"/>
</http>

<http name="admin" request-matcher="regex"   auto-config="true" use-expressions="false">
    <csrf disabled="true"/>

    <intercept-url pattern="/admin/home" access="ROLE_ADMIN" />
    <intercept-url pattern="/admin/users" access="ROLE_ADMIN" />

    <form-login login-page="/admin-login" always-use-default-target="false"/>
    <logout logout-url="/logout" logout-success-url="/home"/>
</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="admin" password="password" authorities="ROLE_ADMIN" />
            <user name="member" password="password" authorities="ROLE_MEMBER" />
            <user name="super" password="password" authorities="ROLE_ADMIN,ROLE_MEMBER" />
        </user-service>
    </authentication-provider>
</authentication-manager>