2

I'm trying to implement multiple login strategies for different user roles (Spring Security OAuth2 with Spring Boot 2), and each strategy should use a different endpoint. I have 3 user types, REGULAR, EXTERNAL, CLIENT, where regular logs in via username/password, external logs in via documentId/key, and client does some SMS shenanigans before to acquire the current password, and it logs in with phone/password. They can already log in from a regular website, but they'll have mobile applications for each role.

I've tried to create multiple AuthorizationServer instances with @EnableAuthorizationServer, each one with the config, but it only picks up the last one. Each role has a different UserDetailsService impl, and exactly one app created in the DB. I wanted to expose them so that client apps use /client/oauth/..., regular apps use /regular/oauth/... and external apps use /external/oauth/... How can I achieve this?

Desiderantes

1 Answer

1

If you are using Spring Security and OAuth2 and you want many different login endpoints, you may need a custom AuthenticationEntryPoint.

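import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.stereotype.Component;

@Component
public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {

    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
        AuthenticationException authException) throws IOException, ServletException {
        // client_id comes from the unauthenticated request, so it is caller-controlled
        String clientId = request.getParameter("client_id");
        String redirectUrl = "/login";
        // SessionSaveAttribute is a constants class that is not shown in this answer
        HttpSession session = request.getSession();
        session.setAttribute(SessionSaveAttribute.CLIENT_ID_ATR, clientId);
        //echoSessionAtr(request);
        redirectStrategy.sendRedirect(request, response, redirectUrl);
    }

}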

So you can customize the login endpoint by adding your own condition.

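// Compare with equals(): == on Strings checks reference identity, not content
if ("REGULAR_CLIENT_ID".equals(clientId)) {
    redirectUrl = "/regular/login";
} else if ("SPECIAL_CLIENT_ID".equals(clientId)) {
    redirectUrl = "...";
}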
kakabali
soyphea
  • Could you elaborate what actually happens here? I have the same requirement as OP but I don't quite see what your code does exactly. – Stefan Falk Jul 04 '19 at 20:05
  • Again, because this requirement needs to show a different login page based on client id, right? If yes, we can redirect the URL here: redirectStrategy.sendRedirect(request, response, redirectUrl); – soyphea Jul 05 '19 at 11:21
  • +1 a hint in the right direction for me - I was pulling out my hair to find a way to bypass the default OAuth2 Spring Security "choose your provider" default login screen and apparently this works – hello_earth Feb 11 '21 at 22:16
  • Glad to hear it was helpful for you. @hello_earth – soyphea Nov 21 '21 at 11:52