0

My problem is to handle all requests firstly with basic authentication and then with custom form-login authentication.

I came from this Handling both form and HTTP basic authentication with different sources

But I want to use double authentication on ALL requests

So I want to achieve something like this:

<http>
    <intercept-url pattern="/**"  access="isAuthenticated()"/>
<http-basic />

    <intercept-url pattern="/**" access="isAuthenticated()"/>
<form-login 
        login-page="/login" 
        default-target-url="/welcome" 
        authentication-failure-url="/login?error" 
        username-parameter="username"
        password-parameter="password" />
</http>

But I don't know is there any chance to do like this.

Thank you.

Community
  • 1
  • 1
Alex Ilyushchenko
  • 1
  • Possible, but I would advice against it. However, what problem did you meet? – holmis83 Jun 20 '16 at 13:48
  • I know that it sounds very strange, but my employer wants some double authorisation so user couldn't see our login form if he didn't pass first authorisation. It is closed system. – Alex Ilyushchenko Jun 20 '16 at 15:45
  • Maybe I misunderstood the question. Requiring successful Basic auth to use the login form? That makes no sense. – holmis83 Jun 20 '16 at 20:36
  • Yes, that's right, this makes no sense. But it is very complicated situation and I need to do basic + form authentication. So every request would pass firstly basic then form-login auth. If you can advise me how to achieve it, that would be great, because every example I found describes how to use or basic or form-login auth, but not both for all requests. – Alex Ilyushchenko Jun 21 '16 at 04:41

0 Answers0