[英]How to modify Spring Security filter chain at runtime?
I am using Spring security and my config looks like this. 我正在使用Spring安全性,我的配置如下所示。 I am using Spring Security SAML library.
我正在使用Spring Security SAML库。
http
.addFilterBefore(metadataGeneratorFilter(samlEntryPoint, extendedMetadata), ChannelProcessingFilter.class)
.addFilterAfter(samlFilter(samlEntryPoint, contextProvider), BasicAuthenticationFilter.class)
.authenticationProvider(samlAuthenticationProvider);
private FilterChainProxy samlFilter(SAMLEntryPoint samlEntryPoint, SAMLContextProvider contextProvider) {
List<SecurityFilterChain> chains = new ArrayList<>();
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"),
samlEntryPoint));
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/metadata/**"),
new MetadataDisplayFilter()));
try {
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"),
samlWebSSOProcessingFilter(samlAuthenticationProvider, contextProvider, samlProcessor)));
} catch (Exception e) {
e.printStackTrace();
}
SAMLDiscovery samlDiscovery = new SAMLDiscovery();
samlDiscovery.setMetadata(cachingMetadataManager);
samlDiscovery.setContextProvider(contextProvider);
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"),
samlDiscovery));
return new FilterChainProxy(chains);
}
Now since my app supports dynamic configuration, if the IDP SSO url is changed from /saml/SSO
to something else, then following filter will not work as the url is hardcoded and the configuration will take effect only after server restart. 现在,由于我的应用程序支持动态配置,因此,如果将IDP SSO网址从
/saml/SSO
更改为其他内容,则以下过滤器将不起作用,因为该网址是经过硬编码的,并且该配置仅在服务器重新启动后才生效。
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"),
samlWebSSOProcessingFilter(samlAuthenticationProvider, contextProvider, samlProcessor)));
Is there a way to change the filter at runtime? 有没有办法在运行时更改过滤器? I can see the
getRequestMatcher()
method in Official Spring docs but no way to set it. 我可以在Spring官方文档中看到
getRequestMatcher()
方法,但没有设置方法。 Am I approaching the problem in a wrong way? 我是否以错误的方式解决问题?
I think you can implement a customized RequestMatcher to check the url: 我认为您可以实现自定义的RequestMatcher来检查网址:
public class CustomizedAntRequestMatcher implements RequestMatcher {
@Override
public boolean matches(HttpServletRequest request) {
String url = "/saml/SSO/**"; //change this line to get your dynamic configuration
AntPathRequestMatcher antPathRequestMatcher = new AntPathRequestMatcher(url);
return antPathRequestMatcher.matches(request);
}
}
And then use the customized request matcher to replace the AntPathRequestMatcher: 然后使用定制的请求匹配器替换AntPathRequestMatcher:
chains.add(new DefaultSecurityFilterChain(new CustomizedRequestMatcher(),
samlWebSSOProcessingFilter(samlAuthenticationProvider, contextProvider, samlProcessor)));
Contact me if this way can not resolve your problem. 如果这种方式无法解决您的问题,请与我联系。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.