I have a web application with two servlets and multiple mappings associated with each servlet, i.e.
web.xml:
<servlet-mapping>
<servlet-name>cheese</servlet-name>
<url-pattern>/edam/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cheese</servlet-name>
<url-pattern>/cheddar/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>dog</servlet-name>
<url-pattern>/poodle/*</url-pattern>
</servlet-mapping>
...
I would now like to apply Spring Security to this web application, with a different security configuration for each servlet. This is because the servlets have different authentication requirements. As such, I would expect just two filter mappings:
<filter-mapping>
<filter-name>springSecurityFilterChainCheese</filter-name>
<servlet-name>cheese</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChainDog</filter-name>
<servlet-name>dog</servlet-name>
</filter-mapping>
Using Spring Security 3.1, I am able to define multiple <http> elements, which looks like a good way to go. However, I cannot see how to specify a bean name for each <http> element or any other way of mapping the element to a servlet.
I know that I can specify a pattern attribute on <http>, but I would then need to repeat the servlet-to-URL mapping in my Spring Security configuration, which isn’t DRY.
How can I map an <http> element to a specific servlet like this? Or will I need to expand out the <http> element and define all of my Spring Security beans myself?
Looking at the source code for Spring Security, it appears as though this could be possible by providing an
idornameon the<http>element, but the Spring Security XML schema prevents this! I’ve raised https://jira.springsource.org/browse/SEC-1978 accordingly.