Spring安全和自定义外部身份验证
[英]Spring Security and Custom External Authentication
问题描述
I have such task - integrate my web application with external Single Sign-On service. 
我有这样的任务 - 将我的Web应用程序与外部单点登录服务集成。 It's custom non-standard implementation of SSO which is based on setting specific cookie and redirecting back to application. 它是SSO的自定义非标准实现,它基于设置特定cookie并重定向回应用程序。 SSO and app are on the same domain. SSO和应用程序位于同一个域中。
Currently I'm using Spring Security filter to check this cookie on specific URL. 目前我正在使用Spring Security过滤器在特定URL上检查此cookie。 This works just fine for scenario : 这适用于场景:
Web App -> SSO[ Supplied with callback url] -> Redirect back to my app. Web App - > SSO [随回调网址提供] - >重定向回我的应用程序。
But it obviously fails when user visits app which provides auth service and then "jumps" to any url of my app (and cookie is not checked because "special" url was not triggered). 但是当用户访问提供身份验证服务的应用程序然后“跳转”到我的应用程序的任何网址时(由于未触发“特殊”网址而未检查cookie),它显然会失败。
What is recommended approach to solve such problem with Spring Security? 使用Spring Security解决此类问题的建议方法是什么?
Thanks! 谢谢!
1 个解决方案
解决方案1
9 已采纳 2013-03-04 15:58:36
The simplest way to solve your problem is to implement your own PreAuthenticatedProcessingFilter: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e6167 解决问题的最简单方法是实现自己的PreAuthenticatedProcessingFilter: http : //static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e6167
The question if your authentication provider provides a user name in a cookie. 验证提供程序是否在cookie中提供用户名的问题。 If it provides it – you can use this filter: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e6295 如果它提供了 - 您可以使用此过滤器: http : //static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e6295
Please tell me if you need any additional clarifications. 如果您需要任何其他说明,请告诉我。
Best regards, 最好的祝福,
Michael 迈克尔
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.