Spring Security and Custom External Authentication
Question
I have such task - integrate my web application with external Single Sign-On service. It's custom non-standard implementation of SSO which is based on setting specific cookie and redirecting back to application. SSO and app are on the same domain.
Currently I'm using Spring Security filter to check this cookie on specific URL. This works just fine for scenario :
Web App -> SSO[ Supplied with callback url] -> Redirect back to my app.
But it obviously fails when user visits app which provides auth service and then "jumps" to any url of my app (and cookie is not checked because "special" url was not triggered).
What is recommended approach to solve such problem with Spring Security?
Thanks!
1 answers
solution1
9 ACCPTED 2013-03-04 15:58:36
The simplest way to solve your problem is to implement your own PreAuthenticatedProcessingFilter: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e6167
The question if your authentication provider provides a user name in a cookie. If it provides it – you can use this filter: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e6295
Please tell me if you need any additional clarifications.
Best regards,
Michael
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.