Spring 3.x配置多个登录页面

Question

我正在使用Spring 3.1进行身份验证.

我的要求:

• 两个不同的登录页面.一个用于客户,另一个用于员工.
• 每次成功验证后,都会转发到相应的成功URL.

我的春季安全配置:

<sec:http pattern="/resources/**" security="none" />
<sec:http auto-config="true">
    <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <sec:intercept-url pattern="/customer/**" access="ROLE_CUSTOMER" />
    <sec:intercept-url pattern="/employee/**" access="ROLE_EMPLOYEE" />
</sec:http>

<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
    <sec:filter-chain-map path-type="ant">
        <sec:filter-chain pattern="/**"
            filters="authenticationProcessingFilterForCustomer,authenticationProcessingFilterForEmployee" />
    </sec:filter-chain-map>
</bean>

<bean id="authenticationProcessingFilterForCustomer"
    class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManagerForCustomer" />
    <property name="filterProcessesUrl" value="/j_spring_security_check_for_customer" />
    <property name="authenticationSuccessHandler" ref="customerSuccessHandler" />
    <property name="authenticationFailureHandler" ref="customerFailureHandler" />
</bean>
<bean id="customerSuccessHandler"
    class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
    <property name="defaultTargetUrl" value="/customer/index.html" />
</bean>
<bean id="customerFailureHandler"
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    <property name="defaultFailureUrl" value="/customer.html?login_error=1" />
</bean>
<bean id="authenticationManagerForCustomer"
    class="org.springframework.security.authentication.ProviderManager">
    <property name="providers">
        <list>
            <ref bean="customCustomerAuthenticationProvider" />
        </list>
    </property>
</bean>
<bean id="customCustomerAuthenticationProvider" class="com.edu.CustomerCustomAuthenticationProvider">
    <property name="userDetailsService">
        <bean class="com.edu.CustomerUserDetailsService" />
    </property>
</bean>

<bean id="authenticationProcessingFilterForEmployee"
    class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManagerForEmployee" />
    <property name="filterProcessesUrl" value="/j_spring_security_check_for_employee" />
    <property name="authenticationSuccessHandler" ref="employeeSuccessHandler" />
    <property name="authenticationFailureHandler" ref="employeeFailureHandler" />
</bean>
<bean id="employeeSuccessHandler"
    class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
    <property name="defaultTargetUrl" value="/employee/index.html" />
</bean>
<bean id="employeeFailureHandler"
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    <property name="defaultFailureUrl" value="/employee.html?login_error=1" />
</bean>
<bean id="authenticationManagerForEmployee"
    class="org.springframework.security.authentication.ProviderManager">
    <property name="providers">
        <list>
            <ref bean="customEmployeeAuthenticationProvider" />
        </list>
    </property>
</bean>
<bean id="customEmployeeAuthenticationProvider" class="com.edu.EmployeeCustomAuthenticationProvider">
    <property name="userDetailsService">
        <bean class="com.edu.EmployeeUserDetailsService" />
    </property>
</bean>

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider ref="customCustomerAuthenticationProvider" />
    <sec:authentication-provider ref="customEmployeeAuthenticationProvider" />
</sec:authentication-manager>

CustomAuthenticationProvider都实现了Support方法,如下所示:

public boolean supports(Class<? extends Object> authentication) {
    return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
}

启动应用程序后,在尝试进行身份验证时,登录页面中显示的消息为:

您的登录尝试未成功,请重试.
原因:未找到org.springframework.security.authentication.UsernamePasswordAuthenticationToken的AuthenticationProvider

我正在使用Spring 3.1.任何帮助赞赏.

谢谢

Answer 1

您应该将“authenticationProcessingFilterForCustomer”和“authenticationProcessingFilterForEmployee”bean 中的authenticationManager 引用指向正确的bean，即具有提供程序的“authenticationManager”。无需定义“authenticationManagerForCustomer”和“authenticationManagerForEmployee”bean。