How to interrupt spring security provider chain by condition?

Question

I have the following sring security configuration:

<security:authentication-manager>
    <security:authentication-provider ref="provider1"/>
    <security:authentication-provider ref="provider2"/>
    <security:authentication-provider ref="provider3"/>
    <security:authentication-provider ref="provider4"/>
    <security:authentication-provider ref="provider5"/>
    <security:authentication-provider ref="provider6"/>
</security:authentication-manager>

Now I need always return auth fail if now later than 21-00.

I don't want to add same code to each provider.

Is there nicer way?

You can throw and `AccountStatusException`. http://stackoverflow.com/questions/9303502/multiple-authentication-providers-in-spring-security — Evgeni Dimitrov, Mar 22 '16 at 15:26
@Evgeni it is correct. but I don't understand why this doesn't work for **BadCredentialsException** — gstackoverflow, Mar 22 '16 at 15:36

score 0 · Answer 1 · edited May 23 '17 at 12:31

0

This is a typical example for an custom security web expression. It is used in the intercept-url pattern instead of an authentication provider

For some details have a look at this answer, it has some more details about implementing a custom expression

edited May 23 '17 at 12:31

Community

1
1

answered Mar 22 '16 at 15:47

Ralph

115,440
53
279
370

These providers was written many times ago and I didn't sort out how they works. I just need add additional constraint – gstackoverflow Mar 22 '16 at 20:25
So that make my idea even better, because you do not need to touch the providers, you just need to add the security expression. – Ralph Mar 22 '16 at 20:54
please describe this solution please. I have read your topic but I still don't understand. – gstackoverflow Mar 22 '16 at 22:38
Which classes should I add? – gstackoverflow Mar 22 '16 at 22:38

How to interrupt spring security provider chain by condition?

1 Answers1