2017-01-09 33 views
<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd 
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd"> 



    <!-- security="none" takes /resources/** out of Spring Security entirely: no
         filters run for these requests, so no authentication, CSRF check or
         security response headers are applied by the framework.
         Keep only public static assets under this path. -->
    <http pattern="/resources/**" security="none"/>
    <!--
      Filter chain for the sales module. It only handles requests whose path
      matches pattern="/rest/sales/**" and authenticates them through the bean
      named by authentication-manager-ref ("salesAuth").

      NOTE(review): login-processing-url ("/auth/ogin_check") lies outside
      /rest/sales/**, so requests to it are never routed to this chain and its
      login filter cannot process them; they fall through to the pattern-less
      <http> chain declared after this one. The processing URL has to sit under
      this chain's pattern, and the sales login form has to post to it. The
      value also looks like a typo of "/auth/login_check"; confirm.

      NOTE(review): <logout> sets no logout-url, and the framework default is
      presumably outside /rest/sales/** as well; verify which chain actually
      handles logout for sales users.

      NOTE(review): authentication-failure-url points at
      /rest/checkSales/adminLogin while login-page is
      /rest/checkSales/salesLogin; confirm which page is intended.
    -->
    <http pattern="/rest/sales/**"
          authentication-manager-ref="salesAuth"
          use-expressions="true"
          auto-config="true"
          disable-url-rewriting="true">
        <intercept-url pattern="/rest/sales/**" access="hasRole('ROLE_SALESMANAGER')"/>
        <form-login
            login-page="/rest/checkSales/salesLogin"
            login-processing-url="/auth/ogin_check"
            username-parameter="emailId"
            password-parameter="password"
            default-target-url="/rest/sales/getSalesManagerHome"
            always-use-default-target="true"
            authentication-failure-url="/rest/checkSales/adminLogin?error"/>
        <logout logout-success-url="/rest/check/adminlogout"
                invalidate-session="true"
                delete-cookies="JSESSIONID"/>
        <!-- CSRF protection stays on for this chain: the login and logout
             requests must carry the CSRF token. -->
        <csrf/>
    </http>

    <!--
      Catch-all filter chain: it has no pattern attribute, so it handles every
      request not claimed by an earlier <http> element. It has no
      authentication-manager-ref and therefore uses the global
      <authentication-manager>. use-expressions="true" lets the access
      attributes below hold expressions such as hasRole(...).

      NOTE(review): requests to /rest/sales/** are matched by the earlier sales
      chain first, so the /rest/sales/** rule in this chain is never consulted.

      NOTE(review): only /rest/admin/** and /rest/sales/** carry an access
      rule; any other path served through this chain has no access
      restriction. Confirm that is intended, or add explicit rules for the
      public pages and a restrictive final rule.
    -->
    <http use-expressions="true" auto-config="true">
        <headers>
            <cache-control/>
        </headers>
        <intercept-url pattern="/rest/admin/**" access="hasRole('ROLE_ADMIN')"/>
        <intercept-url pattern="/rest/sales/**" access="hasRole('ROLE_SALESMANAGER')"/>
        <form-login
            login-page="/rest/check/adminLogin"
            login-processing-url="/auth/login_check"
            username-parameter="emailId"
            password-parameter="password"
            default-target-url="/rest/admin/adminDashBoard"
            always-use-default-target="true"
            authentication-failure-url="/rest/check/adminLogin?error"/>
        <logout logout-success-url="/rest/check/adminlogout"
                invalidate-session="true"
                delete-cookies="JSESSIONID"/>
        <!-- CSRF protection stays on for this chain: the login and logout
             requests must carry the CSRF token. -->
        <csrf/>
    </http>

    <!--
      Global authentication manager (no id attribute). Users and authorities
      are loaded from the organization_staff table through the dataSource bean,
      and submitted passwords are checked with the "encoder" bean.
      erase-credentials="true" clears the credentials from the authentication
      object once authentication has succeeded.

      Both queries bind the login name through the ? placeholder, so the
      submitted value is never concatenated into the SQL text.

      NOTE(review): jdbc-user-service reads the third column of
      users-by-username-query as the account's enabled flag. Here that column
      is organization_staff_id, so an account cannot be disabled through the
      database and the boolean conversion of an id is driver dependent.
      Confirm, and select a real enabled/active column if one exists.

      NOTE(review): the second column of authorities-by-username-query is used
      as the authority name; hasRole('ROLE_ADMIN') presumably only matches when
      staff_type holds the literal value ROLE_ADMIN. Verify the stored values.
    -->
    <authentication-manager erase-credentials="true">
        <authentication-provider>
            <password-encoder ref="encoder"/>
            <jdbc-user-service
                data-source-ref="dataSource"
                users-by-username-query="select email_id,password, organization_staff_id from organization_staff where email_id=?"
                authorities-by-username-query="select email_id, staff_type from organization_staff where email_id=?"/>
        </authentication-provider>
    </authentication-manager>

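    <!--
      Authentication manager for the sales chain, referenced from
      <http authentication-manager-ref="salesAuth">.

      It is declared with id, not alias. An <authentication-manager> without an
      id is registered as the global manager, and alias only adds a second name
      for that global bean. With two such declarations the later one replaces
      the earlier one, so every chain ends up authenticating against the same
      manager. Giving this element an id registers it as a separate bean that
      only the sales chain uses.

      erase-credentials="true" clears the credentials from the authentication
      object once authentication has succeeded. Both queries bind the login
      name through the ? placeholder.

      NOTE(review): jdbc-user-service reads the third column of
      users-by-username-query as the account's enabled flag; here that column
      is organization_staff_id. Confirm, and select a real enabled/active
      column if one exists.

      NOTE(review): provider, encoder and queries are identical to the global
      manager's, so both managers accept the same accounts; access is separated
      only by the hasRole(...) rules on the <http> chains. If sales logins must
      be limited to sales staff at authentication time, this manager needs its
      own query.
    -->
    <authentication-manager id="salesAuth" erase-credentials="true">
        <authentication-provider>
            <password-encoder ref="encoder"/>
            <jdbc-user-service
                data-source-ref="dataSource"
                users-by-username-query="select email_id,password, organization_staff_id from organization_staff where email_id=?"
                authorities-by-username-query="select email_id, staff_type from organization_staff where email_id=?"/>
        </authentication-provider>
    </authentication-manager>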
    <!-- BCrypt password hasher referenced by the authentication providers
         (ref="encoder"). strength is the BCrypt log-rounds cost factor; stored
         hashes carry their own cost, so raising it later affects only newly
         encoded passwords. -->
    <beans:bean id="encoder"
                class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
        <beans:constructor-arg name="strength" value="10"/>
    </beans:bean>
</beans:beans> 

問題是第二個身份驗證管理器會覆蓋另一個身份驗證管理器,也就是說,實際執行的永遠是第二個身份驗證管理器。我在我的項目中爲兩個不同模塊使用了兩個自定義登錄頁面;或者請告訴我,如何在一個項目中爲兩個自定義登錄頁面配置 Spring Security。帶有兩個身份驗證管理器的Spring-Security

回答


您必須爲您的 <authentication-manager> 提供 id 屬性而不是 alias,否則第二個聲明將覆蓋第一個聲明。然後我認爲你應該刪除 authentication-manager-ref 屬性。

這個問題已經在舊的 Spring 論壇(forum)上被問過,Luke Taylor(看過 Spring Security 源代碼的人會經常看到他的名字)已在那裏(here)回答過。


我要怎麼指定引用哪一個 <authentication-manager>? –


您是否閱讀過我鏈接的論壇帖子?據我的理解,他們只是添加了 id(並且可能刪除了 _authentication-manager-ref_)。另外,對於 Spring Security 還使用 XML 配置,我覺得有點奇怪。你的 xsd 表明你使用的是 Spring 4,有什麼理由不在代碼中配置安全性嗎(通過擴展 `WebSecurityConfigurerAdapter`)? –