0

I have a webproject with spring security. I have different roles, such as ROLE_ADMIN, ROLE_USER, ROLE_TESTER, ROLE_ANONYMOUS with different intercept-urls, like:

<intercept-url pattern="/secure/admin/**" access="ROLE_ADMIN" />
<intercept-url pattern="/secure/**" access="ROLE_USER,ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMIN" />

Now, if someone tries to access /secure/admin/user/list.mvc, I want him to be redirected to another login form, than the normal one:

<form-login  login-processing-url="/j_spring_security_check" login-page="/start.mvc"
       authentication-success-handler-ref="authenticationSuccessHandler"
       authentication-failure-handler-ref="authenticationFailureHandler" 
/>

Is there any possibility to do so?

DonMarco
  • 405
  • 2
  • 14
  • 34
  • check this one: http://stackoverflow.com/questions/7539923/spring-3-x-configuration-for-multiple-login-pages – abalogh Feb 14 '13 at 09:08

1 Answers1

0

Using Spring Security >= 3.1 you can have multiple http elements similar to this:

<!-- Configure realm for system administration users -->
<security:http pattern="/secure/admin/**" create-session="stateless">
    <security:intercept-url pattern="/**" access='ROLE_ADMIN' requires-channel="https" />
    ...form login... etc
</security:http>


<!-- Configure realm for standard users -->
<security:http auto-config="true" access-denied-page="/error/noaccess" use-expressions="true" create-session="ifRequired">
    <security:form-login login-page="/login"
            ...
            ...
</security:http>
Marcel Stör
  • 22,695
  • 19
  • 92
  • 198