SAML OAuth Integration - toggle SAML

We are implementing the flexibility to configure either OAuth or SAML, or both OAuth and SAML. The following is configured in the SAML security context:

<security:http pattern="/oauth/authorize/**" entry-point-ref="samlEntryPoint" use-expressions="true">
<security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter" />
 ........
 ........

<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map>
        <security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint" />
        <security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter" />
        <security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter" />
        <security:filter-chain pattern="/saml/SingleLogout/**" filters="samlLogoutProcessingFilter" />
        <security:filter-chain pattern="/oauth/authorize/**" filters="samlEntryPoint" />
    </security:filter-chain-map>
</bean>

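There is a configurable property that determines whether SAML is enabled or disabled. How can I skip the samlEntryPoint from getting invoked when SAML is disabled? The application is always restarted when SAML is toggled, so I don't have to consider the use case of toggling it on/off while the application is running.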

Any help is appreciated.

How can I skip the samlEntryPoint from getting invoked when SAML is disabled?

To have various authentication schemes, you can use Spring profiles and write separate security context files. This is how you do it:

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
                       http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- Spring Security configuration for SAML only authentication --> 
    <beans profile="auth-saml">
        <import resource="security/applicationContext-security-saml.xml" />
    </beans>

    <!-- Spring Security configuration for OAUTH only authentication -->
    <beans profile="auth-oauth">
        <import resource="security/applicationContext-security-oauth.xml" />
    </beans>

    <!-- Spring Security configuration for SAML+OAUTH authentication -->
    <beans profile="auth-saml-oauth">
        <import resource="security/applicationContext-security-saml-oauth.xml" />
    </beans>

</beans>

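Then select the active Spring profile with the environment variable spring.profiles.active, set to a value corresponding to one of the profile attribute values (auth-saml, auth-oauth, auth-saml-oauth).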

In addition to Gregoire's response, you can also create a class, for example multiAuthenticationEntryPoint, that has these entry points as properties, in which you can implement:

@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
        AuthenticationException authException) throws IOException, ServletException {
    // "sth" stands for the condition that selects the non-SAML entry point
    if (sth) {
        customAuthenticationEntryPoint.commence(request, response, authException);
        return;
    } else {
        samlEntryPoint.commence(request, response, authException);
        return;
    }
}
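
The delegating entry point from the answer above, written out as a full class; this is an added example, not code from the original answers. The `samlEnabled` constructor flag is a hypothetical name for the configurable property in the question, and the `javax.servlet` imports assume the servlet API used by the Spring Security versions that ship the SAML extension.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.util.Assert;

/**
 * Added example: chooses the entry point from a flag that is read once at
 * startup, matching the question's "restart to toggle" constraint.
 */
public class MultiAuthenticationEntryPoint implements AuthenticationEntryPoint {

    private final boolean samlEnabled; // hypothetical flag bound to the configurable property
    private final AuthenticationEntryPoint samlEntryPoint;
    private final AuthenticationEntryPoint customAuthenticationEntryPoint;

    public MultiAuthenticationEntryPoint(boolean samlEnabled,
            AuthenticationEntryPoint samlEntryPoint,
            AuthenticationEntryPoint customAuthenticationEntryPoint) {
        // Fail at context startup instead of at the first unauthenticated request.
        Assert.notNull(customAuthenticationEntryPoint,
                "customAuthenticationEntryPoint is required");
        if (samlEnabled) {
            Assert.notNull(samlEntryPoint,
                    "samlEntryPoint is required when SAML is enabled");
        }
        this.samlEnabled = samlEnabled;
        this.samlEntryPoint = samlEntryPoint;
        this.customAuthenticationEntryPoint = customAuthenticationEntryPoint;
    }

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        // The flag never changes after construction, so the choice is stable per deployment.
        AuthenticationEntryPoint delegate =
                samlEnabled ? samlEntryPoint : customAuthenticationEntryPoint;
        delegate.commence(request, response, authException);
    }
}
```

Switching only the entry point leaves samlFilter in the filter chain, so the /saml/** patterns from the question's FilterChainProxy stay mapped unless that bean is made conditional too, for example with the profile approach above.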