Home/ Questions/Q 8515501
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T05:09:50+00:00

I created a small and simple webapp using Spring Security and SpringMVC and I’m

  • 0

I created a small and simple webapp using Spring Security and SpringMVC and I’m trying to convert it to be a multi-tenant application.
The concept I want is to re-use actual JSPs I have and alter their contents based on configuration which I determine based on the path of the URL.

Example:
Customer #1 (abc) – URL: http://mydomain.com/abc/login.html
Customer #2 (xyz) – URL: http://mydomain.com/xyz/login.html

So the name of the “tenant” is a prefix to the page’s path.

I modified my controller to be like this:

@Controller
@RequestMapping("/{customer:[a-zA-Z0-9]+}/login.htm")
public class LoginController 
{
    private static final Logger logger = Logger.getLogger(LoginController.class);

    @RequestMapping
    @ReadOnlyRequest
    public String login(@PathVariable("customer") String customer, HttpServletRequest request) 
    {
        // Do some 'customer' related actions here

        return "login"; // Map to the 'login.jsp' view
    }
}

My view resolver configuration is:

<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
   <property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
   <property name="prefix" value="/WEB-INF/jsp/" />
   <property name="suffix" value=".jsp" />
</bean>

Until now, I had the following form-login configuration:

<form-login 
   login-page="/login.htm"
   authentication-failure-url="/login.htm?error=true"
   login-processing-url="/login_process"
   default-target-url="/index.jsp"
   always-use-default-target="true"
/>

But I do not know how to convert it to support my changes.

Is there a way to convert it to something like: 

<form-login 
  login-page="/${customer}/login.htm"
  authentication-failure-url="/${customer}/login.htm?error=true"
  login-processing-url="/${customer}/login_process"
  default-target-url="/index.jsp"
  always-use-default-target="true"
/>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    One possible idea is to use URL rewriting instead of manual handling of tenant identifiers. This way you can completely decouple tenant handling logic from your code, for example, as follows:

    • You define an inbound rewriting rule that converts /abc/login.html to /login.html and saves tenant identifier as a request attribute.

    • You define an outbound rule that appends the current tenant identifier to URLs being written into response. I think Spring Security should respect such a rule when sending redirects (if it doesn’t, you can define a custom RedirectStrategy).

    Though I have not tested this idea and cannot be sure that it would work.

    See also:

    • 0