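I'm not sure how nested authentication would be implemented with Spring Security. But you can have two separate UserDetailsService implementations. Consider the case where you have two types of URLs, /** and /admin/**, and they can be used by two separate groups of users. Starting with Spring Security 3.1, you can use multiple http tags (see corresponding documentation):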

<!-- Admin area: requests under /admin/** are authenticated against the admin user store -->
<http pattern="/admin/**" authentication-manager-ref="adminAuthenticationManager">
    <intercept-url pattern="/**" access="ROLE_ADMIN" />
    ...
</http>

<authentication-manager id="adminAuthenticationManager" >
    <authentication-provider user-service-ref="adminUserDetailsService"/>
</authentication-manager>

<bean id="adminUserDetailsService" class="com.mucompany.security.AdminUserDetailsService"/>

<!-- No pattern, so everything will be matched -->
<!-- Must reference the user manager; it has to come after the /admin/** block, which is matched first -->
<http authentication-manager-ref="userAuthenticationManager">
    <intercept-url pattern="/**" access="ROLE_USER" />
    ...
</http>

<authentication-manager id="userAuthenticationManager" >
    <authentication-provider user-service-ref="publicUserDetailsService"/>
</authentication-manager>

<bean id="publicUserDetailsService" class="com.mucompany.security.PublicUserDetailsService"/>

You can even declare a different entry point for each http tag using the entry-point-ref attribute.
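
A sketch of what separate entry points per http tag could look like. This is an added example, not part of the original answer: the bean ids adminEntryPoint and userEntryPoint and the login URLs /admin/login and /login are assumptions, and the fragment follows the Spring Security 3.1 namespace used above.

```xml
<!-- Added example: bean ids and URLs below are constructed for illustration -->

<!-- Admin area: unauthenticated requests go to the admin login page -->
<http pattern="/admin/**"
      authentication-manager-ref="adminAuthenticationManager"
      entry-point-ref="adminEntryPoint">
    <!-- The login page must stay reachable without a role, otherwise
         the redirect issued by the entry point loops back on itself -->
    <intercept-url pattern="/admin/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/**" access="ROLE_ADMIN" />
    <!-- The processing URL has to fall under /admin/** so that this
         filter chain, and therefore the admin manager, handles the login -->
    <form-login login-page="/admin/login"
                login-processing-url="/admin/j_spring_security_check" />
</http>

<!-- Property injection as in 3.1; later versions take the URL as a
     constructor argument instead -->
<bean id="adminEntryPoint"
      class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <property name="loginFormUrl" value="/admin/login" />
    <!-- Send admins to the login form over HTTPS even if the
         original request arrived over plain HTTP -->
    <property name="forceHttps" value="true" />
</bean>

<!-- Everything else: ordinary users get their own login page -->
<http authentication-manager-ref="userAuthenticationManager"
      entry-point-ref="userEntryPoint">
    <intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login login-page="/login" />
</http>

<bean id="userEntryPoint"
      class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <property name="loginFormUrl" value="/login" />
</bean>
```

The two authentication-manager and UserDetailsService beans from the configuration above are still required alongside this fragment.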