Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
dtnboqux2017-04-13 21:46:28
Spring
dtnboqux, 2017-04-13 21:46:28

Spring Security has several different authorizations. How to implement?

Hello. Write a web project in Spring MVC. There will be several authorizations on the site, one by Email and Password, the second by a unique code, and 1 more (it doesn’t matter why). Here is the question. How to make multiple authorizations? Here is an example of my code with 1 authorization:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Autowired
  @Qualifier("authenticationProvider")
  AuthenticationProvider authenticationProvider;

  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(authenticationProvider);
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests().antMatchers("/admin/**")
      .access("hasRole('ROLE_USER')").and().formLogin()
      .loginPage("/login").failureUrl("/login?error")
        .usernameParameter("username")
        .passwordParameter("password")
        .and().logout().logoutSuccessUrl("/login?logout").and().csrf();
  }
}

Thanks in advance

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Alexander Kosarev, 2017-04-17
@jaxtr

For each authorization mechanism, you describe your configuration class inherited from WebSecurityConfigurerAdapter, and add the @Order annotation with a serial number to the configuration classes. Thus, Spring Security will bypass the configurations when requested and check their applicability to the request.
You can also narrow the applicability of the authorization mechanism using the http.antMatcher() filter method (not to be confused with antMatchers(), which is used for access settings).

Similar questions
T
Timur Evgazhukov2017-03-23 10:24:22
Why are requests with a large data size not passed to the handler in the Spring MVC controller? 2Reply
S
SerGio13132017-03-24 12:53:13
How to send json in response to "/login, /logout" in Spring? 0Reply
W
web_dev2017-03-31 14:50:15
Does anyone have a working example of "AbstractMongoEvent for Spring MongoDB cascade save on DBRef? 0Reply
H
hellhoundSE2019-08-30 03:51:04
Is there automatic JSON parsing in java pojo? 1Reply
R
revukvr2021-03-22 23:12:21
How to correctly make interactions between modules in Java Spring? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question