Java 配置中的 Spring Security XML 配置和 Spring SAML
[英]Spring Security XML configuration and Spring SAML in Java configuration
问题描述
I am using Spring Security in one of my project and now want to introduce Spring SAML.
我在我的一个项目中使用 Spring Security,现在想引入 Spring SAML。 I have used Spring's XML configuration so far.到目前为止,我已经使用了 Spring 的 XML 配置。 Can I integrate SAML using Java based configuration?我可以使用基于 Java 的配置来集成 SAML 吗?
I am new to SAML integration.我是 SAML 集成的新手。
2 个解决方案
解决方案1
3 已采纳 2015-08-26 01:40:08
Yes you can configure Spring SAML using Java just like you can with the rest of Spring Security.是的,您可以像使用 Spring Security 的其余部分一样使用 Java 配置 Spring SAML。
You need a WebSecurityConfig class with a configure class like this您需要一个带有这样的配置类的 WebSecurityConfig 类
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.authenticationEntryPoint(samlEntryPoint());
http
.csrf()
.disable();
http
.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
.addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);
http
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/error").permitAll()
.antMatchers("/saml/**").permitAll()
.anyRequest().authenticated();
http
.logout()
.logoutSuccessUrl("/");
}
You just need to write all the different beans together using Java, eg set up the SecurityFilterChain like this您只需要使用 Java 将所有不同的 bean 编写在一起,例如像这样设置 SecurityFilterChain
public FilterChainProxy samlFilter() throws Exception {
List<SecurityFilterChain> chains = new ArrayList<SecurityFilterChain>();
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"),
samlEntryPoint()));
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/logout/**"),
samlLogoutFilter()));
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/metadata/**"),
metadataDisplayFilter()));
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"),
samlWebSSOProcessingFilter()));
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSOHoK/**"),
samlWebSSOHoKProcessingFilter()));
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SingleLogout/**"),
samlLogoutProcessingFilter()));
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"),
samlIDPDiscovery()));
return new FilterChainProxy(chains);
}
Look at this project https://github.com/vdenotaris/spring-boot-security-saml-sample as an example for how it is done.看看这个项目https://github.com/vdenotaris/spring-boot-security-saml-sample作为它是如何完成的示例。 The com.vdenotaris.spring.boot.security.saml.web.config.WebSecurityConfig.java shows the ingredients of the secret sauce. com.vdenotaris.spring.boot.security.saml.web.config.WebSecurityConfig.java 显示了秘方的成分。
解决方案2
1 2015-08-25 10:29:52
you can use xml configuration for SAML integration.您可以使用 xml 配置进行 SAML 集成。 It is hard to create it from scratch as a starter, so i suggest you to download spring saml sample application and create your configuration based on it.作为初学者很难从头开始创建它,因此我建议您下载 spring saml 示例应用程序并基于它创建您的配置。 Integration to your existing application is just a spring security integration.集成到您现有的应用程序只是一个 spring 安全集成。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.