-1
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http security="none" pattern="/resources/**"/>
<http use-expressions="true" auto-config="true" pattern="/rest/sales/**" authentication-manager-ref="salesAuth" disable-url-rewriting="true">
<intercept-url pattern="/rest/sales/**" access="hasRole('ROLE_SALESMANAGER')"/>
<form-login login-page="/rest/checkSales/salesLogin"
default-target-url="/rest/sales/getSalesManagerHome"
authentication-failure-url="/rest/checkSales/adminLogin?error"
username-parameter="emailId"
password-parameter="password"
login-processing-url="/auth/ogin_check"
always-use-default-target="true"
/>
<logout invalidate-session="true" logout-success-url="/rest/check/adminlogout" delete-cookies="JSESSIONID" />
<csrf />
</http>
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true" >
<headers>
<cache-control />
</headers>
<intercept-url pattern="/rest/admin/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/rest/sales/**" access="hasRole('ROLE_SALESMANAGER')" />
<form-login login-page="/rest/check/adminLogin"
default-target-url="/rest/admin/adminDashBoard"
authentication-failure-url="/rest/check/adminLogin?error"
username-parameter="emailId"
password-parameter="password"
login-processing-url="/auth/login_check"
always-use-default-target="true"
/>
<logout invalidate-session="true" logout-success-url="/rest/check/adminlogout" delete-cookies="JSESSIONID" />
<csrf />
</http>
<!-- Select users and user_roles from database -->
<authentication-manager erase-credentials="true">
<authentication-provider >
<password-encoder ref="encoder" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select email_id,password, organization_staff_id from organization_staff where email_id=?"
authorities-by-username-query="select email_id, staff_type from organization_staff where email_id=?" />
</authentication-provider>
</authentication-manager>
<authentication-manager erase-credentials="true" alias="salesAuth">
<authentication-provider >
<password-encoder ref="encoder" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select email_id,password, organization_staff_id from organization_staff where email_id=?"
authorities-by-username-query="select email_id, staff_type from organization_staff where email_id=?" />
</authentication-provider>
</authentication-manager>
<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="10" />
</beans:bean>
</beans:beans>
問題是第二個身份驗證管理器正在重寫anthor身份驗證管理器,即總是第二個身份驗證管理器正在執行。在這裏,我在我的項目中爲兩個不同模塊使用了兩個自定義登錄頁面,或者告訴我如何在一個項目中爲兩個自定義登錄頁面應用Spring Security。帶有兩個身份驗證管理器的Spring-Security
我怎麼可以指定哪些指<認證 - manager>, –
您是否閱讀過我喜歡的表單線程,從我的理解中可以看出,他們只是添加了id(並且可能刪除了_authentication-manager-ref_)。另外,對於Spring安全性使用XML配置,我感到很奇怪。你的xsd說你使用的是Spring 4,是否有什麼理由不在代碼中配置安全性(通過擴展'''WebSecurityConfigurerAdapter''') –