Two separate UserDetailsService Implementations

后端未结

关注

 1  899

Is it possible to have to have UserDetailsService implementations in a single web application ? To be more precise, my requirement is I have a Servlet which listens to http POST

相关标签:

1条回答

不要未来只要你来

2021-01-26 16:51

I am not sure how nested authentication may be implemented with Spring Security. But you can have two separate UserDetailsService implementations. Consider case when you have two types of URLs /** and /admin/**, and they can be used by two separate groups of users. Starting from Spring Security 3.1 you can use multiple http tags (see corresponding documentation):

<http pattern="/admin/**" authentication-manager-ref="adminAuthenticationManager">
    <intercept-url pattern="/**" access="ROLE_ADMIN" />
    ...
</http>

<authentication-manager id="adminAuthenticationManager" >
    <authentication-provider user-service-ref="adminUserDetailsService"/>
</authentication-manager>

<bean id="adminUserDetailsService" class="com.mucompany.security.AdminUserDetailsService"/>

<!-- No pattern, so everything will be matched -->
<http authentication-manager-ref="adminAuthenticationManager">
    <intercept-url pattern="/**" access="ROLE_USER" />
    ...
</http>

<authentication-manager id="userAuthenticationManager" >
    <authentication-provider user-service-ref="publicUserDetailsService"/>
</authentication-manager>

<bean id="publicUserDetailsService" class="com.mucompany.security.PublicUserDetailsService"/>

You can even declare different entry points for each http tag using entry-point-ref attribute.

0 讨论(0)