![](/img/trans.png)
[英]Spring REST, redirect request to another application with params (SSO, SAML)
[英]SSO request process in spring
我有一個帶有登錄頁面的spring-boot Web應用程序,然后是spring安全性。 現在,我必須將另一個Web應用程序中的Web應用程序作為SSO。 他們將在其網站上提供https:// testMyWebApp / login?userId = TestUser1&password = 123的鏈接,當任何人單擊此鏈接時,它應在我的應用程序中顯示歡迎頁面,而不是登錄頁面(查找用戶名和密碼)。 。 當前我的Web應用僅處理登錄頁面中的請求。有人可以指導我如何集成我的Web應用以通過不打擾當前登錄過程來處理來自另一個Web應用的此SSO請求嗎?
當前登錄邏輯如下:
@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) {
try {
http
.authorizeRequests()
.antMatchers("/", "/css/**","/js/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.usernameParameter("username")
.passwordParameter("password")
.permitAll()
.defaultSuccessUrl("/TestController/load", true)
.and()
.sessionManagement()
.invalidSessionUrl(loginPage)
.and()
.exceptionHandling().accessDeniedPage("/welcome")
.and()
.logout()
.deleteCookies("JSESSIONID")
.logoutSuccessUrl(loginPage)
.permitAll();
} catch (Exception e) {
throw new Exception(e);
}
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
try {
auth.authenticationProvider(authenticationProvider());
} catch (Exception e) {
throw new Exception(e);
}
}
@Bean
public UserDetailsService detailsService() {
return new UserDetailsImpl();
}
@Bean
public PasswordEncoder encoder() {
return new PasswordEncoder();
}
@Bean
public AuthenticationProvider authenticationProvider() {
AuthenticationProviderImpl provider = new AuthenticationProviderImpl();
provider.setUserDetailsService(detailsService());
provider.setPasswordEncoder(encoder());
return provider;
}
}
您可以添加一個自定義的預身份驗證過濾器,您可以在其中檢查參數並在后台進行身份驗證。 像這樣:
http.addFilter(yourCustomFilter())
.authenticationProvider(getAuthenticationProvider())
.userDetailsService(customUserDetailsService())
和方法yourCustomFilter()
可以如下所示。
@Bean
public AbstractPreAuthenticatedProcessingFilter tomcatRemoteUserFilter() throws Exception {
final AbstractPreAuthenticatedProcessingFilter abstractPreAuthenticatedProcessingFilter = new AbstractPreAuthenticatedProcessingFilter() {
@Override protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
final Principal userPrincipal = request.getUserPrincipal();
log.info("User Principal: "+userPrincipal);
//DO YOUR CHECKS
return "someUserId";
}
@Override protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
return "N/A";
}
};
abstractPreAuthenticatedProcessingFilter.setAuthenticationManager(authenticationManagerBean());
return abstractPreAuthenticatedProcessingFilter;
}
作為身份驗證提供者,您還應該使用PreAuthenticatedAuthenticationProvider
來獲取您的UserDetailsService
例如
@Bean
public PreAuthenticatedAuthenticationProvider getAuthenticationProvider() {
final PreAuthenticatedAuthenticationProvider preAuthenticatedAuthenticationProvider = new PreAuthenticatedAuthenticationProvider();
preAuthenticatedAuthenticationProvider.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<>(customUserDetailsService()));
return preAuthenticatedAuthenticationProvider;
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.