Java 具有两个身份验证管理器的Spring安全性
问题在于第二个身份验证管理器覆盖了第二个身份验证管理器,即始终执行第二个身份验证管理器。在这里,我为我的项目中的两个不同模块使用两个自定义登录页,或者告诉我如何在一个项目中为两个自定义登录页应用Spring Security。您必须给出您的答案,并由Luke Taylor回答(任何阅读Spring Security源代码的人都会经常看到他的名字)我如何指定哪个引用哪个,你读过我喜欢的表单线程了吗?据我所知,他们只是通过添加id(也许还删除了AuthenticationManager ref)就成功了。此外,我感到奇怪的是,您使用XML配置实现Spring安全性。您的xsd说您正在使用Spring 4,您有没有理由不在代码中配置安全性(通过扩展Java 具有两个身份验证管理器的Spring安全性,java,spring,model-view-controller,Java,Spring,Model View Controller,问题在于第二个身份验证管理器覆盖了第二个身份验证管理器,即始终执行第二个身份验证管理器。在这里,我为我的项目中的两个不同模块使用两个自定义登录页,或者告诉我如何在一个项目中为两个自定义登录页应用Spring Security。您必须给出您的答案,并由Luke Taylor回答(任何阅读Spring Security源代码的人都会经常看到他的名字)我如何指定哪个引用哪个,你读过我喜欢的表单线程了吗?据我所知,他们只是通过添加id(也许还删除了AuthenticationManager ref)就成
WebSecurityConfigureAdapter
)
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http security="none" pattern="/resources/**"/>
<http use-expressions="true" auto-config="true" pattern="/rest/sales/**" authentication-manager-ref="salesAuth" disable-url-rewriting="true">
<intercept-url pattern="/rest/sales/**" access="hasRole('ROLE_SALESMANAGER')"/>
<form-login login-page="/rest/checkSales/salesLogin"
default-target-url="/rest/sales/getSalesManagerHome"
authentication-failure-url="/rest/checkSales/adminLogin?error"
username-parameter="emailId"
password-parameter="password"
login-processing-url="/auth/ogin_check"
always-use-default-target="true"
/>
<logout invalidate-session="true" logout-success-url="/rest/check/adminlogout" delete-cookies="JSESSIONID" />
<csrf />
</http>
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true" >
<headers>
<cache-control />
</headers>
<intercept-url pattern="/rest/admin/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/rest/sales/**" access="hasRole('ROLE_SALESMANAGER')" />
<form-login login-page="/rest/check/adminLogin"
default-target-url="/rest/admin/adminDashBoard"
authentication-failure-url="/rest/check/adminLogin?error"
username-parameter="emailId"
password-parameter="password"
login-processing-url="/auth/login_check"
always-use-default-target="true"
/>
<logout invalidate-session="true" logout-success-url="/rest/check/adminlogout" delete-cookies="JSESSIONID" />
<csrf />
</http>
<!-- Select users and user_roles from database -->
<authentication-manager erase-credentials="true">
<authentication-provider >
<password-encoder ref="encoder" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select email_id,password, organization_staff_id from organization_staff where email_id=?"
authorities-by-username-query="select email_id, staff_type from organization_staff where email_id=?" />
</authentication-provider>
</authentication-manager>
<authentication-manager erase-credentials="true" alias="salesAuth">
<authentication-provider >
<password-encoder ref="encoder" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select email_id,password, organization_staff_id from organization_staff where email_id=?"
authorities-by-username-query="select email_id, staff_type from organization_staff where email_id=?" />
</authentication-provider>
</authentication-manager>
<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="10" />
</beans:bean>
</beans:beans>