你无需创建/j_spring_security_check_for_employee
和/j_security_check_for_customer filterProcessingUrl
。
在定制登录中LoginFilter
,你需要为员工和客户创建不同的令牌。
步骤如下:
使用默认值UsernamePasswordAuthenticationToken
进行员工登录。
创建CustomerAuthenticationToken
用于客户登录。进行扩展AbstractAuthenticationToken
,以使其类类型不同于UsernamePasswordAuthenticationToken
。
<security:http>
<security:custom-filter position="FORM_LOGIN_FILTER" ref="customformLoginFilter" />
</security:http>
if (radiobutton_param value employee) {
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
setDetails(whatever);
return getAuthenticationManager().authenticate(authRequest);
} else if (radiobutton_param value customer) {
CustomerAuthenticationToken authRequest = new CustomerAuthenticationToken(username, password);
setDetails(whatever);
return getAuthenticationManager().authenticate(authRequest);
}
支持重写supports
方法。EmployeeCustomAuthenticationProviderUsernamePasswordAuthenticationToken
支持重写supports
方法。CustomerCustomAuthenticationProviderCustomerAuthenticationToken
@Override
public boolean supports(Class<?> authentication) {
return (CustomerAuthenticationToken.class.isAssignableFrom(authentication));
}
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref='employeeCustomAuthenticationProvider ' />
<security:authentication-provider ref='customerCustomAuthenticationProvider ' />
</security:authentication-manager>