Exploring Spring Security Series: part 13 to part 16

In parts 13 to 16 of the Spring Security series, we step back a bit to take a closer look at how Spring Security filters work. We clean up our configuration so that both URI-level security and method-level security are in place by part 16.

In subsequent parts of the series, we will continue on to look at the ACL feature of Spring Security.

part 13
part 14
part 15
part 16



2 Responses to “Exploring Spring Security Series: part 13 to part 16”

  1. Santiago Says:

    Hello, I need to do something with AuthenticationFilters. Here is my scenario:
    I implement 3 authentication filters to do different kinds of “authentication credential extraction”; all of these are different classes:
    1- one filter extracts the credentials from a cookie
    2- one filter extracts the credential from a query string in the URL (like a token, it is only one value)
    3- the last filter extracts the credentials from another query string parameter (in fact these credentials are the user name and password but with specific names)

    These filters may be available or disabled at runtime, so I don't know what type or types of authentication mechanism the application would use (cookie, token, username).

    Each filter creates different types of Authentication objects which are passed to the authenticationManager and then to the providers (there are more than 6 different providers).

    I need to execute the authentication mechanism with only one URL; for example, if the user enters /login.execute the application should execute all the available filters in the application context in a specific order, and only if all fail should it forward to an error or login page.
    As I see it now, this is only possible to do by setting a different processingUrl for each filter.
    Is there any way to do this with only one URL?

  2. Ross Says:


    A great series. I intend to work my way through it. I have one question. Looking back to the example with concurrent session limiting, how would you go about limiting the concurrent sessions for all users but a demo user? So a restricted demo account could be set up with no limitation on concurrent usage.

    I have found no examples for this, either with the old Acegi, which is what we are actually using, or the new Spring Security module.

    Thanks in advance for your help.

    – Ross
