Does Spring Security support multi factor authentication?

Has anyone tried it?

Can thi开发者_Go百科s be used for sites that require high security like banking and financials?

Please advice.

---

Cloudseal plugs into spring security and offers single sign on and multi factor authentication using hard and soft tokens.

---

There is a specific exception (InsufficientAuthenticationException) which you should probably use for this. You'd need to provide an implementation of AccessDecisionManager which threw this exception if the first level of authentication passed, and a custom ExceptionTranslationFilter which recognised it and forwarded the user to the next stage of authentication.

---

Does Spring Security support multi factor authentication?

It doesn't support this out-of-the-box, but the SpringSecurity framework is very flexible, and I'd be amazed if you couldn't implement this functionality.

---

UPDATE (2020-01-14)

There is a "current" issue for adding MFA support to Spring Security:

• https://github.com/spring-projects/spring-security/issues/2603

Here are some examples of MFA that can be implemented with Spring technology:

• Two Factor Auth with Spring Security - a tutorial by Baeldung.
• OKTA - Secure Your Spring Boot Application with Multi-Factor Authentication. (Uses SpringBoot)