
Spring-security 3.1 single sign on LDAP

I'm trying to add single sign on to two legacy systems on different domains that currently have working "regular" login. I found this https://stackoverflow.com/a/9925146 but I'm unsure about step 1, more specifically this: "implement functionality to serialize and write the Authentication object to a Session cookie with a global scope." If I understand this correctly, I should extract the sessionID and add it to a new cookie with a global scope.

I started by trying to extract the sessionID like so:

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class AuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
                                        HttpServletResponse response,
                                        Authentication authentication) throws IOException, ServletException {
        // Placeholder for the global-scope cookie; it is never populated in this attempt.
        Cookie cookie = null;
        UsernamePasswordAuthenticationToken auth = (UsernamePasswordAuthenticationToken) authentication;

        if (auth.getDetails() != null) {
            WebAuthenticationDetails dets = (WebAuthenticationDetails) auth.getDetails();
            // Session ID as recorded in the authentication details.
            System.out.println("sessionID: " + dets.getSessionId());
        }

        // The cookie is still null here; guard so a null cookie is never passed to addCookie.
        if (cookie != null) {
            response.addCookie(cookie);
        }

        super.onAuthenticationSuccess(request, response, authentication);
    }
}

To verify that I'm on the right track I print the sessionID to terminal and compare it to the sessionID that spring-security sets in the browser. If I understand correctly they should match. They don't match. Am I misunderstanding the solution suggested in the answer?

Single sign on is a very difficult problem to get right. I really would not recommend attempting to implement it unless you have a good grasp of the problem and how to solve it. If you can, I highly recommend you try to use OAuth2 instead of implementing it yourself.

https://www.baeldung.com/sso-spring-security-oauth2 might give you a starting point.

If you are using an application server like JBoss or WebSphere, you may be able to use their SSO option instead.
