With my team we have written Spring application + SAPUI5 portal using Spring Boot.
Web application is divided into three separate locations for example:
webapp:
- app1
- app2
- app3
To get access to those applications we implemented login page. Based on user role, we redirect users to exact app.
my spring application security looks like:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/app1/**/*.*")
.permitAll()
.antMatchers("/register.html")
.permitAll()
//
.antMatchers("/app2/*.*")
.hasRole("USER")
//
//
.antMatchers("/login*")
.permitAll()
.antMatchers("/soap/*")
.permitAll()
.antMatchers("/postLogin")
.authenticated()
//
.antMatchers("/app3/*")
//.permitAll()
.hasRole("ADMIN")
//
.anyRequest()
.authenticated()
// log in
.and()
.formLogin()
.loginPage("/login")
.failureUrl("/login?error=loginError")
.defaultSuccessUrl("/postLogin")
// logout
.and().logout().logoutUrl("/**/logout")
.logoutSuccessUrl("/login").deleteCookies("JSESSIONID").and()
.csrf()
.disable()
and of course we have class with redirections. Now we must provide for each app , different login page. I tried to configure spring security to accept multiple login form on different pages but it don't work. Is it possible? I read documentation but it is inconclusive.
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…