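How do I define the response URL in OpenIDAuthenticationFilter?

Time: 2011-12-09 14:00:26

Tags: spring-security

I have a CustomOpenIDAuthenticationFilter that extends org.springframework.security.openid.OpenIDAuthenticationFilter. I want to define the response URL after authentication succeeds, but I don't know how to do it. Any help you can provide is greatly appreciated.

Currently I have the following code: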

    public class CustomOpenIDAuthenticationFilter extends OpenIDAuthenticationFilter {
        protected static Logger logger = Logger.getLogger("service");

        public CustomOpenIDAuthenticationFilter() {
            super();
            ProxyProperties proxyProps = new ProxyProperties();
            proxyProps.setProxyHostName(PROXYNAME);
            proxyProps.setProxyPort(PROXYPORT);
            HttpClientFactory.setProxyProperties(proxyProps);
        }

        public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
                throws AuthenticationException, IOException {
            // I think the response URL should be defined here.
            Authentication au = super.attemptAuthentication(request, response);
            return au;
        }
    }

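Edit

Sorry for taking your time; I did not explain my question properly. When my login page sends an authentication request to the OpenID provider, the request contains a returnToUrl, which is "the URL on the consumer site where the OpenID provider will return the user after generating the authentication response". In a non-Spring application I would do

    AuthRequest authRequest = manager.authenticate(discovered, returnToUrl);

My question is how to specify the returnToUrl in CustomOpenIDAuthenticationFilter.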

2 Answers:

Answer 0: (score: 3)

To specify the returnToUrl, you can override the String buildReturnToUrl(HttpServletRequest request) method. An example that makes it an arbitrary URL is given below:

    public class CustomOpenIDAuthenticationFilter extends OpenIDAuthenticationFilter {
      ...
      protected String buildReturnToUrl(HttpServletRequest request) {
        // this URL needs to be processed by CustomOpenIDAuthenticationFilter to validate
        // the OpenID response and authenticate the user
        return "https://example.com";
      }
    }

As the comment mentions, this URL should be one that CustomOpenIDAuthenticationFilter will process, since it is the one that validates the OpenID response.

Answer 1: (score: 1)

This can also be achieved by creating a custom filter before OPENID_FILTER:

    <http>
         ...
         <custom-filter before="OPENID_FILTER" ref="myBeforeOpenIDFilter" />
    </http>

    <beans:bean id="myBeforeOpenIDFilter" class="com.example.provider.openid.MyBeforeOpenIdFilter" />

Below is the implementation of my custom filter:

    package com.example.provider.openid;

    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletRequestWrapper;

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;

    public class MyBeforeOpenIdFilter implements Filter {

        static Logger logger = LoggerFactory.getLogger(MyBeforeOpenIdFilter.class);

        static class FilteredRequest extends HttpServletRequestWrapper {

            public FilteredRequest(HttpServletRequest request) {
                super(request);
            }

            @Override
            public java.lang.StringBuffer getRequestURL() {
                String baseUrl = (String) super.getSession().getServletContext().getAttribute("applicationBaseUrl");
                StringBuffer sb = super.getRequestURL();

                int index = sb.indexOf("/j_spring_openid_security_check");
                if (index != -1) {
                    // here replace the host etc with proper value
                    if (baseUrl.endsWith("/")) {
                        baseUrl = baseUrl.substring(0, baseUrl.length() - 1);
                    }
                    logger.debug("Changing the getRequestURL to inject the correct host so openid login could work behind proxy");
                    logger.debug("Original getRequestURL: " + sb.toString());
                    logger.debug("Replacing the baseUrl with: " + baseUrl);
                    sb.replace(0, index, baseUrl);
                    logger.debug("New getRequestURL: " + sb.toString());
                }
                return sb;
            }

        }

        @Override
        public void init(FilterConfig filterConfig) throws ServletException {
            // No need to init
        }

        @Override
        public void doFilter(ServletRequest request, ServletResponse response,
                FilterChain chain) throws IOException, ServletException {
            chain.doFilter(new FilteredRequest((HttpServletRequest) request), response);
        }

        @Override
        public void destroy() {
            // No need to destroy
        }

    }

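This way you can define the OpenID provider using the default namespace and plug in the filter if needed. In my implementation I take the baseUrl from the servlet context, but it can simply be hard-coded.

Hope this helps

Cheers, Szymon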
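
The two answers can be combined: override buildReturnToUrl (answer 0) and build the URL from a configured base URL (answer 1), so the return_to value never depends on the host name the servlet container derives from the incoming request. This is an added example, not code from either answer or from Spring Security; the class name FixedBaseOpenIDAuthenticationFilter, the setBaseUrl property and the sample URL are hypothetical.

```java
package com.example.provider.openid; // package name reused from the answer above

import java.net.URI;

import javax.servlet.http.HttpServletRequest;

import org.springframework.security.openid.OpenIDAuthenticationFilter;

/**
 * Builds the OpenID return_to URL from a configured, validated base URL
 * instead of request.getRequestURL().
 */
public class FixedBaseOpenIDAuthenticationFilter extends OpenIDAuthenticationFilter {

    // Path the OpenID filter processes; value taken from the answer above.
    private static final String CHECK_PATH = "/j_spring_openid_security_check";

    // Public base URL of the application, e.g. "https://login.example.com/app"
    // (constructed sample value).
    private String baseUrl;

    /** Hypothetical property, set once from the bean definition. */
    public void setBaseUrl(String baseUrl) {
        URI uri = URI.create(baseUrl); // throws IllegalArgumentException on bad syntax
        String scheme = uri.getScheme();
        boolean httpScheme = "https".equalsIgnoreCase(scheme) || "http".equalsIgnoreCase(scheme);
        if (!httpScheme || uri.getHost() == null) {
            throw new IllegalArgumentException("baseUrl must be an absolute http(s) URL: " + baseUrl);
        }
        if (uri.getQuery() != null || uri.getFragment() != null) {
            throw new IllegalArgumentException("baseUrl must not carry a query or fragment: " + baseUrl);
        }
        // Drop a trailing slash so the path can be appended cleanly.
        this.baseUrl = baseUrl.endsWith("/") ? baseUrl.substring(0, baseUrl.length() - 1) : baseUrl;
    }

    @Override
    protected String buildReturnToUrl(HttpServletRequest request) {
        if (baseUrl == null) {
            throw new IllegalStateException("baseUrl has not been configured");
        }
        // Assumption: no extra return_to parameters (such as remember-me) are needed,
        // so nothing from the request is copied into the URL.
        return baseUrl + CHECK_PATH;
    }
}
```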