Spring security 简单SAML Successhandler
我们正在将项目从LDAP身份验证转换为简单的SAML身份验证。我们有自己的验证(“userValidation”),我们在LDAP身份验证中的successhandler方法中调用了它(下面的示例代码)。我们在将此验证方法转换为简单的SAML security-context.xml文件时遇到问题。您能帮助我如何在SAML中进行此验证吗?还提供了基于XML的开发中的等效解决方案Spring security 简单SAML Successhandler,spring-security,saml,saml-2.0,spring-saml,Spring Security,Saml,Saml 2.0,Spring Saml,我们正在将项目从LDAP身份验证转换为简单的SAML身份验证。我们有自己的验证(“userValidation”),我们在LDAP身份验证中的successhandler方法中调用了它(下面的示例代码)。我们在将此验证方法转换为简单的SAML security-context.xml文件时遇到问题。您能帮助我如何在SAML中进行此验证吗?还提供了基于XML的开发中的等效解决方案 @Override protected void configure(HttpSecurity http) throw
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin().successHandler(userValidation)
.loginPage("/login").permitAll()
.and()
.logout().permitAll();
}
这是spring security中为您配置的结构,我希望它能帮助您完成需要放入类中然后引用的AuthenticationSuccuesHandler
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import javax.sql.DataSource ;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//Pour l'authentification des Utilisateur de Table Utilisateur
@Autowired
Securityhandler Myauthen ;
@Autowired
public void GlobalConfig(AuthenticationManagerBuilder auth,DataSource dataSource) throws Exception {
auth.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery("SELECT \"Pseudo\" AS principal , \"Password\" AS credentials , true FROM \"UTILISATEUR\" WHERE \"Pseudo\" = ? ")
.authoritiesByUsernameQuery("SELECT u.\"Pseudo\" AS principal , r.role as role FROM \"UTILISATEUR\" u ,\"Role\" r where u.id_role=r.id_role AND \"Pseudo\" = ? ")
.rolePrefix("_ROLE");
}
//ne pas appliqué la securité sur les ressources
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/bootstrap/**","/css/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.successHandler(Myauthen);
}
}