Spring Security SAML SSO redirect to a controller

Time: 2018-11-29 18:54:26

Tags: spring spring-security saml saml-2.0 spring-saml

In an IdP-initiated setup, I redirect to the controller (/bootstrap/v1) with this snippet:

public SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler() {
    SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successRedirectHandler.setDefaultTargetUrl("/bootstrap/v1");
    return successRedirectHandler;
}

Controller snippet:

public class BootstrapController extends ParentController {

    @RequestMapping(value = "/v1", method = RequestMethod.POST)
    public ResponseEntity<BootstrapResponseDto> bootstrap(@RequestBody BootstrapRequestDto bootstrapRequestDto, @RequestHeader(value = "MAC-ADDRESS", required = false) String macAddress) {

        myAppUserDetails userDetails = SecurityContextUtils.getUserDetails();

        BootstrapResponseDto bootstrapResponseDto = new BootstrapResponseDto();

        // some app specific logic goes here...

        return new ResponseEntity<>(bootstrapResponseDto, HttpStatus.OK);
    }
}

Debug-level log snippet:

11-29-2018 13:33:53 e7a5edb2-4051-4132-bad0-856d58af1c7d ZDJhMWExYWUtZTAxNy00NDQwLWJmOTctNzcyNTJlOWUyNmQ2 INFO http-nio-8080-exec-6 Spring Security Debugger:

Request received for POST '/saml/SSO':

org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper@28cc5b21

servletPath:/saml/SSO
pathInfo:null
headers:
host: localhost:8080
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:63.0) Gecko/20100101 Firefox/63.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate
content-type: application/x-www-form-urlencoded
content-length: 11320
dnt: 1
connection: keep-alive
cookie: JSESSIONID=ZDJhMWExYWUtZTAxNy00NDQwLWJmOTctNzcyNTJlOWUyNmQ2
upgrade-insecure-requests: 1

Security filter chain: [
  MetadataGeneratorFilter
  WebAsyncManagerIntegrationFilter
  SecurityContextPersistenceFilter
  CustomLogFilter
  HeaderWriterFilter
  LogoutFilter
  UsernamePasswordAuthenticationFilter
  BasicAuthenticationFilter
  FilterChainProxy
  RequestCacheAwareFilter
  SecurityContextHolderAwareRequestFilter
  AnonymousAuthenticationFilter
  SessionManagementFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]

11-29-2018 13:33:53 e7a5edb2-4051-4132-bad0-856d58af1c7d INFO http-nio-8080-exec-6 o.o.c.b.s.SAMLProtocolMessageXMLSignatureSecurityPolicyRule: Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}Response

11-29-2018 13:33:53 e7a5edb2-4051-4132-bad0-856d58af1c7d ZDJhMWExYWUtZTAxNy00NDQwLWJmOTctNzcyNTJlOWUyNmQ2 INFO http-nio-8080-exec-7 Spring Security Debugger:

Request received for GET '/bootstrap/v1':

org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper@5f9e2aff

servletPath:/bootstrap/v1
pathInfo:null
headers:
host: localhost:8080
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:63.0) Gecko/20100101 Firefox/63.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate
dnt: 1
connection: keep-alive
cookie: JSESSIONID=ZDJhMWExYWUtZTAxNy00NDQwLWJmOTctNzcyNTJlOWUyNmQ2
upgrade-insecure-requests: 1

Security filter chain: [
  MetadataGeneratorFilter
  WebAsyncManagerIntegrationFilter
  SecurityContextPersistenceFilter
  CustomLogFilter
  HeaderWriterFilter
  LogoutFilter
  UsernamePasswordAuthenticationFilter
  BasicAuthenticationFilter
  FilterChainProxy
  RequestCacheAwareFilter
  SecurityContextHolderAwareRequestFilter
  AnonymousAuthenticationFilter
  SessionManagementFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]

11-29-2018 13:33:53 e7a5edb2-4051-4132-bad0-856d58af1c7d WARN http-nio-8080-exec-7 o.s.w.s.PageNotFound: Request method 'GET' not supported

The ExpiringUsernameAuthenticationToken that is returned:

org.springframework.security.providers.ExpiringUsernameAuthenticationToken@fee70636: Principal: com.<mycompany>.security.authentication.@325fcf8b; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: authority_1, authority_2, authority_3, authority_4

So I guess my SAML validation, as well as the user authentication and authorization, are all fine.

It seems the problem I am facing is that the HTTP GET does not work.

How do I configure and submit an HTTP POST instead? Or should I refactor the controller to handle this behaviour (which may break the form-based login that is also part of the application's authentication)?

HTTP Status 405 - Method Not Allowed Error

1 answer:

Answer 0: (score: 0)

I believe this problem has nothing to do with SAML at all; it is a generic Spring Security question. Also, you have not specified where the request body BootstrapRequestDto comes from.

You have a SuccessHandler that performs a redirect:

successRedirectHandler.setDefaultTargetUrl("/bootstrap/v1");

This will perform a GET.

You have a controller that only accepts POST. And you have not specified where the body comes from?

You will need to either write a custom success handler that does a POST (perhaps a JavaScript auto-submitting form?), or simply change your controller to also accept GET.

public class BootstrapController extends ParentController {

    // GET: the browser lands here after the success handler's redirect (no request body).
    @RequestMapping(value = "/v1", method = RequestMethod.GET)
    public ResponseEntity<BootstrapResponseDto> bootstrap() {

        myAppUserDetails userDetails = SecurityContextUtils.getUserDetails();
        BootstrapResponseDto bootstrapResponseDto = new BootstrapResponseDto();

        // some app specific logic goes here...
        return new ResponseEntity<>(bootstrapResponseDto, HttpStatus.OK);
    }

    // POST: clients that send a BootstrapRequestDto body (and optionally the MAC-ADDRESS header).
    @RequestMapping(value = "/v1", method = RequestMethod.POST)
    public ResponseEntity<BootstrapResponseDto> bootstrap(@RequestBody BootstrapRequestDto bootstrapRequestDto, @RequestHeader(value = "MAC-ADDRESS", required = false) String macAddress) {

        myAppUserDetails userDetails = SecurityContextUtils.getUserDetails();

        BootstrapResponseDto bootstrapResponseDto = new BootstrapResponseDto();

        // some app specific logic goes here...

        return new ResponseEntity<>(bootstrapResponseDto, HttpStatus.OK);
    }
}
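Added example (not code from the question or the answer): a success handler that implements the answer's first option for the IdP-initiated case. SavedRequestAwareAuthenticationSuccessHandler only falls back to the default target URL when no request is cached; in SP-initiated SSO the user's original protected URL is cached and is redirected to as before, so that path is delegated to the parent class. In the IdP-initiated case nothing is cached, and instead of a 302 to /bootstrap/v1 (which the browser follows with a GET, hence the 405 in the log) the handler renders a landing page whose script POSTs JSON to /bootstrap/v1 and then navigates on. Assumptions: the homeUrl constructor argument and the empty {} request body are placeholders, because the page does not say what BootstrapRequestDto carries; the MAC-ADDRESS header is omitted because a browser page cannot supply it and the controller marks it optional; javax.servlet and Spring Security 4/5 APIs are used to match the 2018 stack on the page. One observation from the logged filter chain: it contains no CsrfFilter, so in this application the CsrfToken request attribute will be null and no CSRF header is sent; the handler reads the token when present so it keeps working if CSRF protection is enabled later.

```java
import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.web.util.HtmlUtils;

/**
 * Success handler for the SAML /saml/SSO endpoint.
 *
 * SP-initiated flow: a SavedRequest exists (the user was sent to the IdP while trying to reach
 * a protected URL), so the parent class redirects there exactly as before.
 *
 * IdP-initiated flow: nothing is cached. Instead of a 302 to the POST-only /bootstrap/v1
 * (which the browser would follow with a GET and get a 405), render a small landing page
 * whose script POSTs JSON to /bootstrap/v1, sending the CSRF header if CSRF is enabled, and
 * then navigates to the application home.
 */
public class SsoLandingSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    private final RequestCache requestCache = new HttpSessionRequestCache();
    private final String bootstrapUrl;   // "/bootstrap/v1" on this page
    private final String homeUrl;        // hypothetical: where the browser goes once bootstrap succeeded

    public SsoLandingSuccessHandler(String bootstrapUrl, String homeUrl) {
        this.bootstrapUrl = bootstrapUrl;
        this.homeUrl = homeUrl;
        setRequestCache(requestCache);   // share one cache with the parent class
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication) throws ServletException, IOException {
        SavedRequest saved = requestCache.getRequest(request, response);
        if (saved != null) {
            // SP-initiated: honour the cached deep link (the parent issues the redirect and clears the cache).
            super.onAuthenticationSuccess(request, response, authentication);
            return;
        }

        // IdP-initiated: no cached request, so build the landing page ourselves.
        clearAuthenticationAttributes(request);

        // CsrfFilter stores the token under this request attribute; it is null when CSRF is disabled.
        CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());

        response.setStatus(HttpServletResponse.SC_OK);
        response.setContentType("text/html;charset=UTF-8");
        response.setHeader("Cache-Control", "no-store");   // the page may carry a CSRF token; never cache it

        PrintWriter out = response.getWriter();
        out.println("<!DOCTYPE html><html><head><meta charset=\"UTF-8\">");
        if (csrf != null) {
            // Values go into HTML-escaped meta tags and are read back by the script,
            // so nothing server-controlled is spliced directly into JavaScript source.
            out.println("<meta name=\"_csrf_header\" content=\"" + HtmlUtils.htmlEscape(csrf.getHeaderName()) + "\">");
            out.println("<meta name=\"_csrf\" content=\"" + HtmlUtils.htmlEscape(csrf.getToken()) + "\">");
        }
        out.println("<meta name=\"bootstrap-url\" content=\"" + HtmlUtils.htmlEscape(bootstrapUrl) + "\">");
        out.println("<meta name=\"home-url\" content=\"" + HtmlUtils.htmlEscape(homeUrl) + "\">");
        out.println("</head><body>Signing you in&hellip;");
        out.println("<script>");
        out.println("(function () {");
        out.println("  var m = function (n) { var e = document.querySelector('meta[name=\"' + n + '\"]'); return e ? e.content : null; };");
        out.println("  var headers = {'Content-Type': 'application/json'};");
        out.println("  if (m('_csrf')) { headers[m('_csrf_header')] = m('_csrf'); }");
        // Body is a placeholder: the page does not say which fields BootstrapRequestDto expects.
        out.println("  fetch(m('bootstrap-url'), {method: 'POST', credentials: 'same-origin', headers: headers, body: '{}'})");
        out.println("    .then(function (r) { if (!r.ok) { throw new Error('bootstrap failed: ' + r.status); } window.location.replace(m('home-url')); })");
        out.println("    .catch(function (e) { document.body.textContent = 'Sign-in could not be completed (' + e.message + ').'; });");
        out.println("})();");
        out.println("</script></body></html>");
        out.flush();
    }
}
```

To wire it in, the successRedirectHandler() method from the question would return new SsoLandingSuccessHandler("/bootstrap/v1", "/") instead of the SavedRequestAwareAuthenticationSuccessHandler (the "/" home URL is a placeholder). The identity for the POST still comes from the session established by /saml/SSO (the JSESSIONID cookie in the log), not from anything on the landing page, which is why the page carries no user data. If the simpler second option from the answer (a GET mapping) is acceptable, it avoids the extra round trip entirely; this handler is only worth the complexity when the bootstrap call really must stay a POST with a body.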