SAML Spring Security session timeout
I have configured SAML SSO and it works fine. When the session expires, it gives the following in the logs.
2017-04-15 15:14:16,933 [http-nio-7070-exec-8] INFO org.springframework.boot.actuate.audit.listener.AuditListener - AuditEvent [timestamp=Sat Apr 15 15:14:16 IST 2017, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={message=Access is denied, type=org.springframework.security.access.AccessDeniedException}]
2017-04-15 15:14:17,035 [http-nio-7070-exec-8] INFO org.springframework.security.saml.log.SAMLDefaultLogger - AuthNRequest;SUCCESS;0:0:0:0:0:0:0:1;com.hbo.sso:portal;http://www.okta.com/xxxxxxx;;;
This is my spring-security.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<import resource="classpath*:applicationContext-saml.xml" />
<security:http entry-point-ref="samlEntryPoint" use-expressions="true">
<security:intercept-url .... />
<!-- Logging out user -->
<security:intercept-url pattern="/${myapp.logout.url}" access="permitAll()"/>
</security:http>
</beans>
When the session expires, your Spring session is automatically cleared, so it throws an access denied exception. The solution could be:
1. Add the access-denied page redirect details to your spring-security.xml, e.g.
<security:http >
<security:access-denied-handler error-page="/anonymous/accessdeniedpage.jsp"/>
</security:http>
or
2. If your IdP allows configuring a redirection page for session timeout, map it to your login page.
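The error-page form above sends every denial to one static page. A defender usually wants to tell the two cases in the log apart: a request whose session has expired (the security context was cleared, so it runs as anonymousUser) should go back through the SAML entry point, while a logged-in user who lacks a role should get a real 403. The handler below is an added example, not code from the question or the answer and not part of Spring Security; it would be wired with `<security:access-denied-handler ref="sessionAwareAccessDeniedHandler"/>` instead of `error-page`, and the class name, the `/saml/login` URL and the `/anonymous/accessdeniedpage.jsp` path are assumptions. One caveat from Spring Security's own behaviour: ExceptionTranslationFilter routes an AccessDeniedException raised for an anonymous principal straight to the entry point (that is the AuthNRequest line that follows the denial in the log), so the access-denied handler is normally reached only for authenticated users; the stale-session-cookie check is what distinguishes "my session timed out mid-request" from a plain authorization failure there.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.access.AccessDeniedHandler;

/**
 * Hypothetical AccessDeniedHandler (example only) that separates an expired
 * session from a genuine authorization failure.
 */
public class SessionAwareAccessDeniedHandler implements AccessDeniedHandler {

    /** Assumed URL that triggers the SAML entry point and a new AuthnRequest. */
    private final String loginUrl;
    /** Assumed JSP shown to users who are logged in but not authorized. */
    private final String accessDeniedPage;

    public SessionAwareAccessDeniedHandler(String loginUrl, String accessDeniedPage) {
        this.loginUrl = loginUrl;
        this.accessDeniedPage = accessDeniedPage;
    }

    /**
     * True when the browser presented a session cookie that the server no
     * longer recognises (timed out or invalidated), or when the request is
     * running as the anonymous principal because the context was cleared.
     */
    static boolean isExpiredSession(HttpServletRequest request, Authentication auth) {
        boolean staleCookie = request.getRequestedSessionId() != null
                && !request.isRequestedSessionIdValid();
        boolean anonymous = auth == null || auth instanceof AnonymousAuthenticationToken;
        return staleCookie || anonymous;
    }

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException ex) throws IOException, ServletException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        if (isExpiredSession(request, auth)) {
            // Session timed out: start a fresh SAML login instead of showing "Access is denied".
            // Returning 302 (not 403) also keeps these out of the AUTHORIZATION_FAILURE audit noise.
            response.sendRedirect(request.getContextPath() + loginUrl);
            return;
        }

        // Authenticated user without the required authority: a real 403, rendered by the JSP.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        request.getRequestDispatcher(accessDeniedPage).forward(request, response);
    }
}
```

In XML config the bean would be declared as `<bean id="sessionAwareAccessDeniedHandler" class="...SessionAwareAccessDeniedHandler"><constructor-arg value="/saml/login"/><constructor-arg value="/anonymous/accessdeniedpage.jsp"/></bean>` (class package and both URLs assumed) and referenced from `<security:access-denied-handler ref="..."/>`. Keeping the login redirect for expired sessions and the 403 for authorization failures also makes the audit log meaningful: an AUTHORIZATION_FAILURE entry then indicates a logged-in user reaching a resource they are not entitled to, rather than an idle browser.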