I would like to use spring security in the spring mvc application, which consists of two modules - the "frontend" and the control module. Both modules have their own dispatch servlet (with different mappings), so they have their own web context, but have the same root context.
The management module has its own authentication database, and users should be able to log into the frontend module and manage it simultaneously with different credentials. So I implemented two different UserDetailsServices.
I need two different ones AuthenticationManager, where both of them are responsible for different URLs corresponding to the servlet mappings.
How to configure such a setting? Is it possible to use java config?
Edit: so far I have the following configuration, which allows me to allow users a control module. Authentication / authorization of frontend modules using autwired frontendUserDetailsServiceis still missing.
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
@Qualifier("frontend")
private UserDetailsService frontendUserDetailsService;
@Autowired
@Qualifier("management")
private UserDetailsService managementUserDetailsService;
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(managementUserDetailsService)
.passwordEncoder(passwordEncoder);
}
@Bean
@Qualifier("management")
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/manage/**")
.authorizeRequests()
.anyRequest()
.hasRole("ADMIN")
.and()
.formLogin();
}
}
source
share