Spring Security: skipping a specific path with Spring SAML SSO


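The site's contextPath is root, and single sign-on is implemented with Spring Security SAML. Whatever URL is entered under the root path localhost:8080, it redirects to the IDP provider for authentication; so far, this is correct.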


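What I want is for users to be able to access the localhost:8080/unsecure directory without being redirected to the IDP for authentication. I don't know where to configure SAML to skip a specific path.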

In your security-applicationContext.xml file, when configuring Spring Security SAML, you must have URL mappings similar to the following:

<!-- Unsecured pages -->
<security:http security="none" pattern="/favicon.ico"/>
<security:http security="none" pattern="/images/**"/>
<security:http security="none" pattern="/css/**"/>
<security:http security="none" pattern="/logout.jsp"/>

<!-- Security for the administration UI -->
<security:http pattern="/saml/web/**" use-expressions="false">
    <security:access-denied-handler error-page="/saml/web/metadata/login"/>
    <security:form-login login-processing-url="/saml/web/login" login-page="/saml/web/metadata/login" default-target-url="/saml/web/metadata"/>
    <security:intercept-url pattern="/saml/web/metadata/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/saml/web/**" access="ROLE_ADMIN"/>
    <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
</security:http>

<!-- Secured pages with SAML as entry point -->
<security:http entry-point-ref="samlEntryPoint" use-expressions="false">
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
    <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
</security:http>


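Here we allow images, CSS, the favicon, etc. to be used without logging in. So if you want something to be available without authentication, add more URLs to the list of unsecured mappings.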
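
An added example, not part of the original answer: two ways to exempt the /unsecure path from the question, reusing the bean names from the configuration above. The /unsecure/** pattern is an assumption derived from the question; use one option, not both.

```xml
<!-- Option A: no Spring Security filters run for /unsecure/** at all.
     <security:http> elements are matched in declaration order, so this
     must be declared BEFORE the catch-all SAML block below.
     Trade-off: with security="none" the request bypasses the whole
     filter chain, so no SecurityContext is populated and none of the
     chain's protections (headers, CSRF, session handling) apply. -->
<security:http security="none" pattern="/unsecure/**"/>

<!-- Option B: keep the filter chain, but permit anonymous access.
     intercept-url rules are evaluated top to bottom and the first match
     wins, so the /unsecure/** rule must come before the /** rule.
     An already logged-in user is still recognised on these pages,
     and anonymous users are not sent to samlEntryPoint. -->
<security:http entry-point-ref="samlEntryPoint" use-expressions="false">
    <security:intercept-url pattern="/unsecure/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
    <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
</security:http>
```

Keep the exempted pattern as narrow as possible: everything it matches is reachable without an IDP login, including any controller or static resource later added under that prefix.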
