I have two different repository for normal user and admin and separate url endpoints to authenticate. I want the authentication manager to use separate UserDetailsService
for the endpoints since both normal and admin users can have same username and password but different repositories.
Example: if the endpoint hit is user_login then UserDetailsService1 and if the endpoint hit is admin_login then UserDetailsService2 How can I achieve this?
The HttpSecurity.formLogin DSL only supports a single log in URL because that is what is most common. However, you can do this by explicitly registering a second
UsernamePasswordAuthenticationFilter
. The documentation has some nice diagrams of how form based log in works.I created a sample (make sure to use the linked branch). Below is a summary and description of what is happening:
As mentioned above you are responsible for creating the log in pages and ensuring they post to the correct URLs. The first step is to create a controller that maps the URLs to the views you want to display. Here we use a single Controller for convenience, but you can split this up:
Then you need to have two views. The first view is admin_login.html. In a Boot + Thymeleaf application something like this would be located in
src/main/resources/templates/user_login.html
This is all detailed in the link I provided above. The key is that it submits a POST to
/user_login
with HTTP parametersusername
andpassword
.You need a similar view for the admin login that does a POST to
/admin_login
with HTTP parametersusername
andpassword
.