Spring security 简单SAML Successhandler_Spring Security_Saml_Saml 2.0_Spring Saml

Spring security 简单SAML Successhandler

spring-security

Spring security 简单SAML Successhandler,spring-security,saml,saml-2.0,spring-saml,Spring Security,Saml,Saml 2.0,Spring Saml,我们正在将项目从LDAP身份验证转换为简单的SAML身份验证。我们有自己的验证（“userValidation”），我们在LDAP身份验证中的successhandler方法中调用了它（下面的示例代码）。我们在将此验证方法转换为简单的SAML security-context.xml文件时遇到问题。您能帮助我如何在SAML中进行此验证吗？还提供了基于XML的开发中的等效解决方案 @Override protected void configure(HttpSecurity http) throw

我们正在将项目从LDAP身份验证转换为简单的SAML身份验证。我们有自己的验证（“userValidation”），我们在LDAP身份验证中的successhandler方法中调用了它（下面的示例代码）。我们在将此验证方法转换为简单的SAML security-context.xml文件时遇到问题。您能帮助我如何在SAML中进行此验证吗？还提供了基于XML的开发中的等效解决方案

@Override
protected void configure(HttpSecurity http) throws Exception {

   http
            .csrf().disable()
            .authorizeRequests()
                .anyRequest().authenticated()
            .and()
            .formLogin().successHandler(userValidation)
                .loginPage("/login").permitAll()
            .and()
            .logout().permitAll();
}

这是spring security中为您配置的结构，我希望它能帮助您完成需要放入类中然后引用的AuthenticationSuccuesHandler

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import javax.sql.DataSource ;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    //Pour l'authentification des Utilisateur de Table Utilisateur
@Autowired
Securityhandler Myauthen  ;


@Autowired  
public void GlobalConfig(AuthenticationManagerBuilder auth,DataSource dataSource) throws Exception {
auth.jdbcAuthentication()
    .dataSource(dataSource) 
    .usersByUsernameQuery("SELECT  \"Pseudo\" AS principal , \"Password\" AS  credentials , true FROM \"UTILISATEUR\" WHERE \"Pseudo\" =  ? ")
            .authoritiesByUsernameQuery("SELECT  u.\"Pseudo\" AS principal , r.role as role  FROM \"UTILISATEUR\" u ,\"Role\" r where u.id_role=r.id_role AND \"Pseudo\" = ?  ")
                .rolePrefix("_ROLE");
}
    //ne pas appliqué la securité sur les ressources 
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring()
    .antMatchers("/bootstrap/**","/css/**");

}
@Override
protected void configure(HttpSecurity http) throws Exception {
http

    .csrf().disable()   
    .authorizeRequests()

    .anyRequest()   
        .authenticated()        
            .and()
            .formLogin()
            .loginPage("/login")
            .permitAll()
            .successHandler(Myauthen);

}

}