Combining namespace based configuration with different authentication methods in spring-security


Combining namespace based configuration with different authentication methods in spring-security



I'm trying to get spring-security to work with a project where there is both a form login component needed (for website access) and a http-basic or http-digest component for web services. Now we started out with the namespace based configuration, e.g. a spring-security.xml file with stuff like:

<http auto-config="true">     <intercept-url...>     ... </http> 

But you have to go with form-based as default or http-basic as default (i.e. this only configures one filter chain). What I want is for some stuff to never redirect to a form and just use http-basic or equivalent. The manual does seem to cover this, only if you follow their advice, you'll end up having to define own filter chains for everything.

So I was wondering, is there really no other way? Is there perhaps a way I can reuse the filter chain introduced by the http element for those elements that can still use the old scheme? The namespace based config is really handy for us since it's easy to read and understandable, whereas a list of bean definitions is less so...




“NoClassDefFoundError: Could not initialize class” error

1:



How to unit test a Spring MVC controller using @PathVariable?


retrieve proxied instance from spring


Junit4 : expected=Exception not working with SPRING

2:



Hidden features of Spring framework? [closed]
I'll answer this myself as nobody seems to be going to.


Why doesn't AspectJ compile-time weaving of Spring's @Configurable work?
It seems the answer to this one is "no", I'm now using an almost entirely beans based config.

Answers that contradict me are always welcome of course.

:-).



82 out of 100 based on 62 user ratings 862 reviews

*