Can I have multiple security contexts with spring security?

Question

I have one security context definition that uses PreAuthenticatedProcessingFilterEntryPoint for the flex part of my application. How can I have another definition that will

Answer 1

It has been tricky to do until recently, but now it is easy!

Spring Security has added support for the scenario in version 3.1. It is currently available as a Release Candidate, implemented by SEC-1171. Details of the syntax are in the manual included with 3.1.

It's pretty simple to use. Basically you just define multiple http elements in your Spring Security configuration, one for each context. We're using it like this:

The key thing to note is the pattern="/admin/**" on the first http element. This tells Spring that all URLs under /admin are subject to that context instead of the default context — and thus URLs under /admin use your preauthorisation filter instead.