Spring Security 3.1.0.M1 - Direct an http block to call one authentication provider

Question

I'm using spring security 3.1.0 and I have two http blocks. One is used for a REST web services layer and I would like only call my userManager authentication provider and not both authentication providers. Is there any way to direct an http block towards one particular auth provider?

    <http pattern="/services/**" create-session="stateless">
        <intercept-url pattern="/**" access="ROLE_USER" />
        <http-basic />
    </http>
    <http access-denied-page="/auth/denied.html">
        <form-login
            login-processing-url="/j_spring_security_check.html"
            login-page="/auth/login.html"
            default-target-url="/registered/home.html"
            authentication-failure-url="/auth/login.html" />
         <logout invalidate-session="true" 
              logout-url="/auth/logout.html" 
              success-handler-ref="DCLogoutSuccessHandler"/>
        <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
        <custom-filter after="FORM_LOGIN_FILTER" ref="xmlAuthenticationFilter" />
    </http>

    <authentication-manager alias="am">
        <authentication-provider user-service-ref="userManager">
                <password-encoder ref="passwordEncoder" />
        </authentication-provider>
        <authentication-provider ref="xmlAuthenticationProvider" />
    </authentication-manager>

score 0 · Accepted Answer · edited May 23 '17 at 11:55

0

Pleas see configuring-spring-security-3-x-to-have-multiple-entry-points. You have to create a separate token and override supports method of authentication provider so that the provider processes only that token.

edited May 23 '17 at 11:55

Community

1
1

answered Apr 20 '11 at 13:44

Ritesh

7,472
2
39
43

Spring Security 3.1.0.M1 - Direct an http block to call one authentication provider

1 Answers1