Spring Security - multiple authentication-providers

java spring authentication spring-security
11,438

Please keep in mind that this Spring Security XML namespace is just a neat way of organizing your XML. You could achieve exactly the same solution with plain <bean> config. That way you will be able to use ID, as usual. This blog post might be helpful for you.

Share:
11,438
light_303
Author by

light_303

Updated on June 04, 2022

Comments

  • light_303
    light_303 almost 2 years

    My web app has multiple authentication managers (one for API one for WEB access). The api should have a basic auth service only - configured via the spring security markup as seen below:

        <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <security:authentication-manager alias="apiAuthenticationManager">
        <security:authentication-provider ref="apiAuthenticationProvider" />
    </security:authentication-manager>

    <security:authentication-provider >
        <security:user-service>
            <security:user name="apiadmin" password="password" authorities="ROLE_API_ADMIN" />
            <security:user name="apiuser" password="otherpassword" authorities="ROLE_API_USER" />
        </security:user-service>
    </security:authentication-provider>
...

    i can not inline the authentication-provider since i want it to be overrideable by child-bean configs.

    my problem is that i can not define an alias/id on the security:authentication-provider element to reference it in the authentication-manager. Is there an easy workaround for this?

    Solution:

    i finally figured out how to do it using the namespace-way without diving into plain bean config :)

    <security:user-service id="apiUserDetailsService"> 
    <security:user name="apiadmin" password="password" authorities="ROLE_API_ADMIN" />
    <security:user name="apiuser" password="otherpassword" authorities="ROLE_API_USER" />
    </security:user-service>

<security:authentication-manager alias="apiAuthenticationManager">
    <security:authentication-provider user-service-ref="apiUserDetailsService"/>
</security:authentication-manager>

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Step by step login example using spring security 3.0 with hdbc
Spring Security get user info in rest service, for authenticated and not authenticated users
spring security get user id from DB
Spring SecurityContext returning null authentication on error pages
Spring Security Cookie + JWT authentication
How to get the role that a user logged in with in my controller using Spring Security
Configuring Spring Security 3.x to have multiple entry points
How can I authenticate a system user for scheduled processes in Spring?
Should I use OAuth (or what else) for the backend of a mobile app? - There is only *one* "third-party" application in such cases
Configure Spring Security without XML in Spring 4