Spring Security - multiple authentication-providers
Please keep in mind that this Spring Security XML namespace is just a neat way of organizing your XML. You could achieve exactly the same solution with plain <bean>
config. That way you will be able to use ID, as usual. This blog post might be helpful for you.
light_303
Updated on June 04, 2022Comments
-
light_303 almost 2 years
My web app has multiple authentication managers (one for API one for WEB access). The api should have a basic auth service only - configured via the spring security markup as seen below:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <security:authentication-manager alias="apiAuthenticationManager"> <security:authentication-provider ref="apiAuthenticationProvider" /> </security:authentication-manager> <security:authentication-provider > <security:user-service> <security:user name="apiadmin" password="password" authorities="ROLE_API_ADMIN" /> <security:user name="apiuser" password="otherpassword" authorities="ROLE_API_USER" /> </security:user-service> </security:authentication-provider> ...
i can not inline the authentication-provider since i want it to be overrideable by child-bean configs.
my problem is that i can not define an alias/id on the security:authentication-provider element to reference it in the authentication-manager. Is there an easy workaround for this?
Solution:
i finally figured out how to do it using the namespace-way without diving into plain bean config :)
<security:user-service id="apiUserDetailsService"> <security:user name="apiadmin" password="password" authorities="ROLE_API_ADMIN" /> <security:user name="apiuser" password="otherpassword" authorities="ROLE_API_USER" /> </security:user-service> <security:authentication-manager alias="apiAuthenticationManager"> <security:authentication-provider user-service-ref="apiUserDetailsService"/> </security:authentication-manager>