编程语言
首页 > 编程语言> > Java配置中的Spring Security XML配置和Spring SAML?

Java配置中的Spring Security XML配置和Spring SAML?

作者:互联网

我在我的一个项目中使用spring security,现在想要介绍Spring SAML,到目前为止我已经使用了Spring的XML配置.我现在可以使用基于java的配置集成SAML吗?

我是SAML集成的新手,所以对此有任何帮助将不胜感激.

解决方法:

是的,您可以像使用Spring Security的其余部分一样使用Java配置Spring SAML.

您需要一个带有这样的配置类的WebSecurityConfig类

   protected void configure(HttpSecurity http) throws Exception {
    http
        .httpBasic()
            .authenticationEntryPoint(samlEntryPoint());
    http
        .csrf()
            .disable();
    http
        .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
        .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);
    http        
        .authorizeRequests()
        .antMatchers("/").permitAll()
        .antMatchers("/error").permitAll()
        .antMatchers("/saml/**").permitAll()
        .anyRequest().authenticated();
    http
        .logout()
            .logoutSuccessUrl("/");
}

您只需要使用Java将所有不同的bean编写在一起,例如像这样设置SecurityFilterChain

    public FilterChainProxy samlFilter() throws Exception {
    List<SecurityFilterChain> chains = new ArrayList<SecurityFilterChain>();
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"),
            samlEntryPoint()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/logout/**"),
            samlLogoutFilter()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/metadata/**"),
            metadataDisplayFilter()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"),
            samlWebSSOProcessingFilter()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSOHoK/**"),
            samlWebSSOHoKProcessingFilter()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SingleLogout/**"),
            samlLogoutProcessingFilter()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"),
            samlIDPDiscovery()));
    return new FilterChainProxy(chains);
}

看看这个项目https://github.com/vdenotaris/spring-boot-security-saml-sample作为它如何完成的一个例子. com.vdenotaris.spring.boot.security.saml.web.config.WebSecurityConfig.java显示秘密酱的成分.

标签:java,security,spring,spring-security,spring-saml
来源: https://codeday.me/bug/20190623/1272671.html