Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
98 views
in Technique by (71.8m points)

java - Spring boot - how to configure multiple login pages?

With my team we have written a Spring application + SAPUI5 portal using Spring Boot. The web application is divided into three separate locations, for example:

    webapp:
      - app1
      - app2
      - app3

To get access to those applications we implemented a login page. Based on user role, we redirect users to the exact app.

My Spring application security looks like:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/app1/**/*.*")
                .permitAll()
                .antMatchers("/register.html")
                .permitAll()
                //
                .antMatchers("/app2/*.*")
                .hasRole("USER")
                //
                //
                .antMatchers("/login*")
                .permitAll()
                .antMatchers("/soap/*")
                .permitAll()
                .antMatchers("/postLogin")
                .authenticated()
                //
                .antMatchers("/app3/*")
                //.permitAll()
                .hasRole("ADMIN")
                //
                .anyRequest()
                .authenticated()
                // log in
                .and()
                .formLogin()
                .loginPage("/login")
                .failureUrl("/login?error=loginError")
                .defaultSuccessUrl("/postLogin")
                // logout
                .and().logout().logoutUrl("/**/logout")
                .logoutSuccessUrl("/login").deleteCookies("JSESSIONID").and()
                .csrf()
                .disable();
    }

And of course we have a class with redirections. Now we must provide a different login page for each app. I tried to configure Spring Security to accept multiple login forms on different pages, but it doesn't work. Is it possible? I read the documentation, but it is inconclusive.


1 Answer

0 votes
by (71.8m points)

You should be able to do this by configuring multiple HttpSecurity objects using different instances. It is similar to this question and the Spring Security documentation here. Basically you define multiple static classes in your configuration class that extend WebSecurityConfigurerAdapter. I am using this myself to configure different types of auth (form/basic) based on the URLs and did a quick test to confirm it. I believe something like this in your example (if I am reading your intent correctly):

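    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.annotation.Order;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @EnableWebSecurity
    public class MultiHttpSecurityConfig {

        // Catch-all chain. It carries no @Order, so it keeps the adapter's default
        // (last) position and handles every request the app2 chain does not claim.
        @Configuration
        public static class App1ConfigurationAdapter extends WebSecurityConfigurerAdapter {

            @Override
            protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests()
                        .antMatchers("/app1/**/*.*")
                        .permitAll()
                        .antMatchers("/register.html")
                        .permitAll()
                        // the login page itself must be reachable without a session
                        .antMatchers("/login*")
                        .permitAll()
                        .anyRequest()
                        .authenticated()
                        // log in
                        .and()
                        .formLogin()
                        .loginPage("/login")
                        .failureUrl("/login?error=loginError")
                        .defaultSuccessUrl("/postLogin")
                        // logout
                        .and().logout().logoutUrl("/**/logout")
                        .logoutSuccessUrl("/login").deleteCookies("JSESSIONID").and()
                        .csrf()
                        .disable();
            }
        }

        // Evaluated first. The first chain whose request matcher accepts a URL
        // handles it, so this chain is limited to app2 and its own login page.
        @Configuration
        @Order(1)
        public static class App2ConfigurationAdapter extends WebSecurityConfigurerAdapter {

            @Override
            protected void configure(HttpSecurity http) throws Exception {
                http
                        // URLs this filter chain is responsible for
                        .requestMatchers()
                        .antMatchers("/app2/**", "/login2*")
                        .and()
                        .authorizeRequests()
                        .antMatchers("/login2*")
                        .permitAll()
                        .antMatchers("/app2/*.*")
                        .hasRole("USER")
                        // anything else under this chain still needs a login
                        .anyRequest()
                        .authenticated()
                        // log in
                        .and()
                        .formLogin()
                        .loginPage("/login2")
                        .failureUrl("/login2?error=loginError")
                        .defaultSuccessUrl("/postLogin")
                        // logout
                        .and().logout().logoutUrl("/**/logout")
                        .logoutSuccessUrl("/login2").deleteCookies("JSESSIONID").and()
                        .csrf()
                        .disable();
            }
        }
    }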

Note that these are not really different application instances so you won't be redirected to a login if you authenticate as a certain user and then go to an area where you are not authorized.

