Setting up a project that will use JWT for form login, while also letting users choose to log in via SP SAML.
Excerpt from WebSecurityConfig.java:
    @Autowired
    private CustomUserDetailsService jwtUserDetailsService;

    @Autowired
    TokenHelper tokenHelper;

    @Bean
    public JWTAuthenticationEntryPoint jwtAuthenticationEntryPoint() {
        return new JWTAuthenticationEntryPoint();
    }

    /**
     * Defines the web based security configuration.
     *
     * @param http It allows configuring web based security for specific http requests.
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // SAML metadata and SSO filters are registered early in the chain;
        // the JWT filter is registered at the position of UsernamePasswordAuthenticationFilter.
        http
            .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
            // .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class)
            .addFilterBefore(samlFilter(), CsrfFilter.class)
            .addFilterAt(new TokenAuthenticationFilter(tokenHelper, jwtUserDetailsService), UsernamePasswordAuthenticationFilter.class);

        // Public endpoints; every other request requires authentication.
        http
            .authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/saml/**").permitAll()
            .antMatchers("/auth/login").permitAll()
            .antMatchers("/js/**").permitAll()
            .anyRequest().authenticated()
            .and().exceptionHandling()
            // Entry points are mapped by request path.
            .defaultAuthenticationEntryPointFor(samlEntryPoint(), new AntPathRequestMatcher("/saml/login"))
            .defaultAuthenticationEntryPointFor(jwtAuthenticationEntryPoint(), new AntPathRequestMatcher("/auth/login"));

        http
            .logout()
            .disable();
    }

    /**
     * Sets a custom authentication provider.
     *
     * @param auth SecurityBuilder used to create an AuthenticationManager.
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Form/JWT users are loaded through the custom UserDetailsService.
        auth.userDetailsService(jwtUserDetailsService).passwordEncoder(passwordEncoder());
        // SAML assertions are handled by the SAML authentication provider.
        auth
            .authenticationProvider(samlAuthenticationProvider());
    }

The SAML login flow currently works, but whenever I use the form, I get a JWT token and then still need to log in via SAML.