
SSO request process in spring

I have a spring-boot web application which has a login page and spring security follows. Now I have to put my web application as SSO from another web application. They are going to provide a link on their website as https://testMyWebApp/login?userId=TestUser1&password=123. When anyone clicks on this link, it should show the welcome page in my app instead of the login page (seeking username and password). Currently my web app processes requests from the login page only. Can anyone guide me on how I can integrate my web app to process this SSO request from another web app, thereby not disturbing the current login process?

The current login logic is as follows:

@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/css/**", "/js/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .usernameParameter("username")
                .passwordParameter("password")
                .permitAll()
                .defaultSuccessUrl("/TestController/load", true)
                .and()
            .sessionManagement()
                .invalidSessionUrl(loginPage)
                .and()
            .exceptionHandling()
                .accessDeniedPage("/welcome")
                .and()
            .logout()
                .deleteCookies("JSESSIONID")
                .logoutSuccessUrl(loginPage)
                .permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

    @Bean
    public UserDetailsService detailsService() {
        return new UserDetailsImpl();
    }

    @Bean
    public PasswordEncoder encoder() {
        return new PasswordEncoder();
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        AuthenticationProviderImpl provider = new AuthenticationProviderImpl();
        provider.setUserDetailsService(detailsService());
        provider.setPasswordEncoder(encoder());
        return provider;
    }
}

You can add a custom pre-authentication filter where you can check the parameters and do authentication in the background. Like this:

http.addFilter(yourCustomFilter())
    .authenticationProvider(getAuthenticationProvider())
    .userDetailsService(customUserDetailsService());

The method yourCustomFilter() can look like this:

@Bean
public AbstractPreAuthenticatedProcessingFilter yourCustomFilter() throws Exception {
    final AbstractPreAuthenticatedProcessingFilter abstractPreAuthenticatedProcessingFilter = new AbstractPreAuthenticatedProcessingFilter() {
        @Override
        protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
            final Principal userPrincipal = request.getUserPrincipal();
            log.info("User Principal: " + userPrincipal);
            //DO YOUR CHECKS
            // The returned value is the user name passed to the UserDetailsService
            return "someUserId";
        }

        @Override
        protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
            // No credentials are used for a pre-authenticated request
            return "N/A";
        }
    };
    abstractPreAuthenticatedProcessingFilter.setAuthenticationManager(authenticationManagerBean());
    return abstractPreAuthenticatedProcessingFilter;
}

As the authentication provider, you should then also use a PreAuthenticatedAuthenticationProvider that gets your UserDetailsService, e.g.:

@Bean
public PreAuthenticatedAuthenticationProvider getAuthenticationProvider() {
    final PreAuthenticatedAuthenticationProvider preAuthenticatedAuthenticationProvider = new PreAuthenticatedAuthenticationProvider();
    preAuthenticatedAuthenticationProvider.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<>(customUserDetailsService()));
    return preAuthenticatedAuthenticationProvider;
}
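
One way to fill in the `//DO YOUR CHECKS` step of the filter above without putting a password in the link, as an added example (not code from the question or the answer): the partner site signs the user id and an expiry time with a shared secret, and the filter verifies that signature before returning the principal. The class name, the parameter names `user`, `exp` and `sig`, the `user|exp` signing format and the 60-second lifetime are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

// Hypothetical link format agreed with the partner site:
//   /login?user=<id>&exp=<epoch seconds>&sig=<base64url HMAC-SHA256 of "user|exp">
public class SignedLinkPreAuthFilter extends AbstractPreAuthenticatedProcessingFilter {
    private static final long MAX_LIFETIME_SECONDS = 60; // assumed policy
    private final byte[] sharedKey; // secret shared with the partner, loaded from config

    public SignedLinkPreAuthFilter(byte[] sharedKey) {
        this.sharedKey = sharedKey.clone();
    }

    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        String user = request.getParameter("user");
        String exp = request.getParameter("exp");
        String sig = request.getParameter("sig");
        if (user == null || exp == null || sig == null) {
            return null; // not an SSO request: the normal form login still applies
        }
        try {
            long expiry = Long.parseLong(exp);
            long now = Instant.now().getEpochSecond();
            if (expiry < now || expiry - now > MAX_LIFETIME_SECONDS) {
                return null; // expired, or valid for longer than the policy allows
            }
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(sharedKey, "HmacSHA256"));
            byte[] expected = mac.doFinal((user + "|" + exp).getBytes(StandardCharsets.UTF_8));
            byte[] supplied = Base64.getUrlDecoder().decode(sig);
            return MessageDigest.isEqual(expected, supplied) ? user : null; // constant-time compare
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return null; // malformed number or base64, or HMAC setup failure
        }
    }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        return "N/A"; // the signature check above replaces the password
    }
}
```

Register it the same way as the answer's filter, including `setAuthenticationManager(authenticationManagerBean())`. A signed link can be reused until `exp` passes, so the lifetime is kept short and the link is served over HTTPS.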
