SAML OAuth integration - toggling SAML

Time: 2015-11-19 02:45:13

Tags: spring-security spring-security-oauth2 spring-saml

We are implementing the flexibility to configure OAuth, or SAML, or both OAuth and SAML. In the SAML security context the following is configured:

<security:http pattern="/oauth/authorize/**" entry-point-ref="samlEntryPoint" use-expressions="true">
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter" />
    ........
    ........
</security:http>

<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map>
        <security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint" />
        <security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter" />
        <security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter" />
        <security:filter-chain pattern="/saml/SingleLogout/**" filters="samlLogoutProcessingFilter" />
        <security:filter-chain pattern="/oauth/authorize/**" filters="samlEntryPoint" />
    </security:filter-chain-map>
</bean>

There is a configurable property that determines whether SAML is enabled or disabled. How can the call to samlEntryPoint be skipped when SAML is disabled? The application is always restarted when SAML is toggled, so I don't need to consider the use case of turning it on/off while the application is running.

Any help is appreciated.

2 answers:

Answer 0 (score: 0)


"How can the call to samlEntryPoint be skipped when SAML is disabled?"

To support different authentication schemes you can use Spring profiles and write a separate security context file for each. This is how you do it:

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
                       http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- Spring Security configuration for SAML only authentication --> 
    <beans profile="auth-saml">
        <import resource="security/applicationContext-security-saml.xml" />
    </beans>

    <!-- Spring Security configuration for OAUTH only authentication -->
    <beans profile="auth-oauth">
        <import resource="security/applicationContext-security-oauth.xml" />
    </beans>

    <!-- Spring Security configuration for SAML+OAUTH authentication -->
    <beans profile="auth-saml-oauth">
        <import resource="security/applicationContext-security-saml-oauth.xml" />
    </beans>

</beans>

Then you select the active Spring profile with the environment variable spring.profiles.active, whose value matches the profile attribute of the corresponding beans element (auth-saml, auth-oauth or auth-saml-oauth).

Answer 1 (score: 0)

In addition to Gregoire's reply, you can also create a class such as multiAuthenticationEntryPoint, which holds those entry points as properties, and in which you implement:

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

// Delegates to one of two entry points depending on a switch condition.
public class MultiAuthenticationEntryPoint implements AuthenticationEntryPoint {

    private AuthenticationEntryPoint customAuthenticationEntryPoint;
    private AuthenticationEntryPoint samlEntryPoint;
    // "sth" is the original's placeholder for the switch condition (e.g. whether
    // SAML is disabled); wire it from the configurable property via a setter or constructor.
    private boolean sth;

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        if (sth) {
            customAuthenticationEntryPoint.commence(request, response, authException);
        } else {
            samlEntryPoint.commence(request, response, authException);
        }
    }
}
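As an added example (not code from either answer), here is how the delegating entry point described above could be wired into the SAML security context so that the switch comes from the configurable property the question mentions. It assumes the class is com.example.MultiAuthenticationEntryPoint with setter properties samlEnabled, samlEntryPoint and customAuthenticationEntryPoint, a property file auth.properties defining saml.enabled, and an oauthEntryPoint bean for the non-SAML case; all of these names are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Assumed property file holding the toggle, e.g. saml.enabled=false -->
    <context:property-placeholder location="classpath:auth.properties" />

    <!-- Assumed delegating entry point that picks SAML or OAuth per request.
         The default of false means a missing property never silently turns SAML on. -->
    <bean id="multiAuthenticationEntryPoint" class="com.example.MultiAuthenticationEntryPoint">
        <property name="samlEnabled" value="${saml.enabled:false}" />
        <property name="samlEntryPoint" ref="samlEntryPoint" />
        <property name="customAuthenticationEntryPoint" ref="oauthEntryPoint" />
    </bean>

    <!-- The authorize endpoint now refers to the delegating entry point
         instead of samlEntryPoint directly -->
    <security:http pattern="/oauth/authorize/**"
                   entry-point-ref="multiAuthenticationEntryPoint"
                   use-expressions="true">
        <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter" />
        <security:intercept-url pattern="/oauth/authorize/**" access="isAuthenticated()" />
    </security:http>

</beans>
```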