Spring Security:從SiteMinder中排除URL
[英]Spring Security: exclude an URL from SiteMinder
問題描述
我對Spring Security和SiteMinder有疑問。
通常,我對所有頁面的所有請求都使用SM_USER標頭,但是這次我需要排除一個URL:它將發送不帶SM_USER標頭的請求。
我使用Java配置:
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
// for class CustomUserDetailsService I configured how I get the list of
// user authorities with the content of SM_USER header
userDetailsService = new CustomUserDetailsService();
UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> wrapper = new UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken>(
userDetailsService);
preAuthenticatedProvider = new PreAuthenticatedAuthenticationProvider();
preAuthenticatedProvider.setPreAuthenticatedUserDetailsService(wrapper);
auth.authenticationProvider(preAuthenticatedProvider);
log.debug("global security configuration was successfull");
}
然后添加不同URL的權限:
@Override
protected void configure(HttpSecurity http) throws Exception {
RequestHeaderAuthenticationFilter siteMinderFilter = new RequestHeaderAuthenticationFilter();
siteMinderFilter.setPrincipalRequestHeader("SM_USER");
siteMinderFilter.setAuthenticationManager(authenticationManager());
http.addFilter(siteMinderFilter);
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.authorizeRequests();
//adding an authority to URL containing SM_USEr_URL
registry.antMatchers(HttpMethod.GET, "**/SM_USER_URL/**").hasAuthority("authority1");
//here I try to exclude the URL from Siteminder.
registry.antMatchers(HttpMethod.GET, "**/ExcludedPage/**").permitAll();
}
我的問題是,對於ExcludedPage URL的請求,除了以下例外,我什么也沒得到:
org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
而且,我根本無法為此頁面設置過濾器,因為它根本不需要任何SM_USER標頭。
先感謝您。
2 個解決方案
解決方案1
0 2015-12-14 08:55:51
為每個應該接受 siteminder的URL添加
http.antMatcher(SM_USER_URL).addFilter(siteMinderFilter);
解決方案2
0 2018-06-05 23:51:42
您缺少的是RequestHeaderAuthenticationFilter的正確行為。 嘗試將setExceptionIfHeaderMissing為false,如下所示:
@Override
protected void configure(HttpSecurity http) throws Exception {
RequestHeaderAuthenticationFilter siteMinderFilter = new RequestHeaderAuthenticationFilter();
siteMinderFilter.setPrincipalRequestHeader("SM_USER");
siteMinderFilter.setAuthenticationManager(authenticationManager());
->siteMinderFilter.setExceptionIfHeaderMissing(false);
...
排除對 URL 的請求通過 Spring Security 過濾器運行
[英]Exclude requests to URL from being run through Spring Security filters
無法在POST請求中從Spring Security保護中排除一個URI
[英]Failing to exclude one URI from Spring Security protection on a POST request
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
將Spring Security與SiteMinder集成
Siteminder SSO和Spring安全性測試
使用Spring Security登出SiteMinder
排除對 URL 的請求通過 Spring Security 過濾器運行
如何在 Spring Security 中忽略/排除 url 模式
從spring-starter-security中排除網址
如何從Spring中的@RequestMapping中排除url映射?
無法在POST請求中從Spring Security保護中排除一個URI
未能從 Spring Security 保護中排除某些 URL
在 Spring Boot 中從 JWT 安全檢查中排除 URL
相關標簽