1

I am building a Spring application that needs to support multiple user identity providers.

If a user enters the site through the ../architect/openid/... URL path, Spring security should use OpenID login process, if the user enters the site through ../architect/webauth/.., the GenericFilterBean for company's proprietary identity management system should be used. It should also later support Facebook, Twitter, and GitHub login.

I imagine that each provider should have it's own Filter, UserDetailsService, Authentication Manager, entry-point-ref, etc. There is practically nothing standard at all about our crummy proprietary system which is why that filter must extend GenericFilterBean instead of some nice, more abstract subclass.

All the recent tutorials available on Spring Security OpenID use special OpenID configuration tags that do not appear to allow much flexibility.

Is what I want to do possible?

I have Spring Security 3.2 and Spring 4.0

Vance Cagle
  • 123
  • 1
  • 9
  • One option is to define separate filter chains for each login mechanism (using the different paths you mention to construct the `pattern` attribute for each). See [my answer here](http://stackoverflow.com/questions/9302795/handling-both-form-and-http-basic-authentication-with-different-sources/9303631#9303631) which shows how to do it for basic and form login. – Shaun the Sheep Mar 06 '14 at 22:19

0 Answers0