Spring security: multi-step authorization?

N

Nikita Kalyuzhny2015-12-09 15:59:55

Java

Nikita Kalyuzhny, 2015-12-09 15:59:55

Recently, I was assigned to develop an enterprise Web application for internal use. One of the main requirements was a two-step authorization according to the principle:
Step No. 1: a standard form for entering a login and password;
Step number 2: the form for selecting the department and position on behalf of which it is authorized.
The fact is that the same person can hold different positions in different departments or within the same department. Differentiation of access rights to the application is carried out in a not quite traditional way: by a combination of a unit and a position in it. After some deliberation, it was decided to do on Spring boot.
Actually, the question is: are there any materials that can offer a solution to the problem of multi-step authorization?
I found various intermediate solutions, such as: altfatterz.blogspot.de/2014/02/two-factor-authenti... However, they do not contain the necessary: authorization in them occurs immediately on the first step, on the second, additional control is simply exercised.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

aol-nnov, 2015-12-09
@aol-nnov

2-factor auth: something you know + something you have
In my opinion, you have nothing related to authorization in the second step. so why not boil it all into one shape?