27 July 2012

Spring Security - Two Security Realms in one Application

This blog post is mainly about Spring Security configuration.
More specifically it is intending to show how to configure two different security realms in one web application.
First security realm is intended for the browser clients. It enables us to log in with in the login page and access protected resources.
Second security realm is intended for the REST web service requests coming from an android application. On each request, the REST client should send required information to the server and this information will be used to decide if the RESTfull request should be allowed to pass.
The two security realms (configurations) are distinguished by different URL patterns of resources in the web application. In both configurations we are able to reuse same authentication logic.