I'm building a project that provides 2 login forms, one for member and another one for agent, both of them are different so that I have 2 tables (member and agent). I want to make login forms for both of them with different mappings. /pages/agent is the form for agent, and / (index.html of project) is for member. /pages is my dispatcher. I have tried many ways without success.
Here's my security context :
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http pattern="/pages/*" authentication-manager-ref="agentAuth">
<intercept-url pattern="/pages/agentprofile*" access="ROLE_AGENT" />
<form-login login-page="/pages/agent" default-target-url="/pages/agentprofile" />
<logout logout-success-url="/pages/logout" logout-url="/pages/j_spring_security_logout" delete-cookies="JSESSIONID" />
</http>
<authentication-manager alias="agentAuth" id="agentAuth">
<authentication-provider >
<password-encoder hash="md5" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username, password, enable from agent where USERNAME=?"
authorities-by-username-query="select a.username, r.namaRole from agent a, role r where r.idRole = a.idRole and a.username = ?" />
</authentication-provider>
</authentication-manager>
<http authentication-manager-ref="memberAuth">
<intercept-url pattern="/pages/member*" access="ROLE_USER" />
<intercept-url pattern="/pages/myorder*" access="ROLE_USER" />
<intercept-url pattern="/pages/voucherbelanja*" access="ROLE_USER" />
<intercept-url pattern="/pages/rewardpoint*" access="ROLE_USER" />
<intercept-url pattern="/pages/myreview*" access="ROLE_USER" />
<intercept-url pattern="/pages/voucherhotel*" access="ROLE_USER" />
<form-login login-page="/" default-target-url="/pages/member"
authentication-failure-url="/pages/loginfailed" />
<form-login login-page="/pages/loginfailed"
default-target-url="/pages/member" authentication-failure-url="/pages/loginfailed"
authentication-success-handler-ref="loginSucessHandler" />
<logout logout-success-url="/pages/logout" logout-url="/pages/j_spring_security_logout" delete-cookies="JSESSIONID"/>
</http>
<authentication-manager alias="memberAuth" id="memberAuth">
<authentication-provider>
<password-encoder hash="md5" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username, password, enable from member where USERNAME=?"
authorities-by-username-query="select m.username, r.namaRole from member m, role r where r.idRole = m.idRole and m.username = ?" />
</authentication-provider>
</authentication-manager>
<beans:bean id="loginSuccessHandler" class="com.klik.service.LoginSuccessHandler" />
And here's my spring security filter in web.xml:
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<url-pattern>/pages/*</url-pattern>
</filter-mapping>
I am also trying to do similar thing and failed. So I googled to this post.
What's your problem? what kind of error you got?
From you config, I think maybe there is some problem:
1) You first config,
<http pattern="/pages/*"It will match all url start with 'pages', then the member url can not work.2) in your second config, there are 2 login-form.
3) in both config, you have same logout url. is it proper? I mean, how spring security decide which realm will logout?