Question

我有一个spring-boot Web应用程序，它有一个登录页面，然后是spring security。现在我必须将我的Web应用程序作为另一个Web应用程序的SSO。他们将在其网站上提供https://testMyWebApp/login?userId=TestUser1&password=123链接，当有人点击此链接时，它应该在我的应用中显示欢迎页面而不是登录页面（寻找用户名和密码）。目前，我的网络应用程序仅处理来自登录页面的请求。任何人都可以指导我如何整合我的网络应用程序以通过不干扰当前登录过程来处理来自其他网络应用程序的此SSO请求？

当前登录逻辑如下：

@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) {       
        try {
            http
                .authorizeRequests()
                    .antMatchers("/", "/css/**","/js/**").permitAll()
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .permitAll()                   
                     .defaultSuccessUrl("/TestController/load", true)
                    .and()                    
                .sessionManagement()
                    .invalidSessionUrl(loginPage)
                    .and()                   
                    .exceptionHandling().accessDeniedPage("/welcome")
                    .and()
                .logout()
                    .deleteCookies("JSESSIONID")
                    .logoutSuccessUrl(loginPage)
                    .permitAll();
        } catch (Exception e) {
            throw new Exception(e);
        }

    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) {
        try {
            auth.authenticationProvider(authenticationProvider());
        } catch (Exception e) {
            throw new Exception(e);
        }
    }

    @Bean
    public UserDetailsService detailsService() {
        return new UserDetailsImpl();
    }

    @Bean
    public PasswordEncoder encoder() {
        return new PasswordEncoder();
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        AuthenticationProviderImpl provider = new AuthenticationProviderImpl();
        provider.setUserDetailsService(detailsService());
        provider.setPasswordEncoder(encoder());
        return provider;
    }
}

Answer 1

您可以添加自定义预身份验证过滤器，您可以在其中检查参数，并在后台进行身份验证。像这样：

http.addFilter(yourCustomFilter())
.authenticationProvider(getAuthenticationProvider())
.userDetailsService(customUserDetailsService())

，方法yourCustomFilter()可能如下所示。

@Bean
public AbstractPreAuthenticatedProcessingFilter tomcatRemoteUserFilter() throws Exception {
    final AbstractPreAuthenticatedProcessingFilter abstractPreAuthenticatedProcessingFilter = new AbstractPreAuthenticatedProcessingFilter() {
        @Override protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
            final Principal userPrincipal = request.getUserPrincipal();
            log.info("User Principal: "+userPrincipal);
            //DO YOUR CHECKS
            return "someUserId";


        }

        @Override protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
            return "N/A";
        }

    };
    abstractPreAuthenticatedProcessingFilter.setAuthenticationManager(authenticationManagerBean());
    return abstractPreAuthenticatedProcessingFilter;
}

作为身份验证提供程序，您还应该使用获得PreAuthenticatedAuthenticationProvider的{{1}}，例如

UserDetailsService

春季的SSO请求流程

1 个答案: