问题描述
大家好,我正在尝试将 Saml 身份验证添加到当前使用 OAuth2 密码登录表单并生成 JWT 令牌以启用对客户端的访问的 Spring Boot 应用程序。
目前我有一个端点,用于接收和解码 SAML 请求。现在我想以某种方式触发“登录”机制。我看到它似乎是从 WebSecurityConfig 类控制的,并最终在 JWTLoginFilter 成功/不成功方法中生成令牌。
IDP 设置为重定向到我的端点 /saml/authenticate:
@PostMapping(value = "/saml/authenticate")
@ResponseBody
public String getSamlAzureResponse(@RequestParam String SAMLResponse,HttpServletResponse servletResponse) throws Exception {
Response response = responseManager.processSAMLResponse(SAMLResponse);
protected void configure(HttpSecurity http) throws Exception {
UserInfoService userInfoService = applicationContext.getBean(UserInfoService.class);
UserLockoutService userLockoutService = applicationContext.getBean(UserLockoutService.class);
GetTokenService getTokenService = applicationContext.getBean(GetTokenService.class);
TokenAuthenticationManager tokenAuthenticationManager = new TokenAuthenticationManager();
tokenAuthenticationManager.setUserDetailsService(userDetailsService);
tokenAuthenticationManager.setGetTokenService(getTokenService);
tokenAuthenticationManager.setUserInfoService(userInfoService);
JWTAuthenticationFilter jwtTokenAuthenticationFilter = new JWTAuthenticationFilter("/web/**",Arrays.asList(permitAll),jwtTimeout,getTokenService,failureHandler,requestCache);
jwtTokenAuthenticationFilter.setAuthenticationManager(tokenAuthenticationManager);
JWTAuthenticationFilter jwtAuthenticationFilterSwagger =
new JWTAuthenticationFilter("/swagger-ui.html",requestCache);
jwtAuthenticationFilterSwagger.setAuthenticationManager(tokenAuthenticationManager);
JWTAuthenticationFilter jwtAuthenticationFilterOauth =
new JWTAuthenticationFilter("/oauth/authorize",requestCache);
jwtAuthenticationFilterOauth.setAuthenticationManager(tokenAuthenticationManager);
JWTAuthenticationFilter jwtAuthenticationFilterIndex =
new JWTAuthenticationFilter("/",requestCache);
jwtAuthenticationFilterIndex.setAuthenticationManager(tokenAuthenticationManager);
jwtAuthenticationFilterIndex.setRedirectExpired(false);
JWTLoginFilter jwtLoginFilter = new JWTLoginFilter(
"/web/login","/web/dashboard_personal",requestCache,userSecurityService);
jwtLoginFilter.setAuthenticationManager(tokenAuthenticationManager);
jwtLoginFilter.setTokenAuthenticationService(getTokenService);
jwtLoginFilter.setUserDetailsService(userDetailsService);
jwtLoginFilter.setPasswordEncoder(passwordEncoder);
jwtLoginFilter.setUserLockoutService(userLockoutService);
jwtLoginFilter.setPublisher(publisher);
http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.addFilterBefore(jwtLoginFilter,UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(jwtAuthenticationFilterOauth,UsernamePasswordAuthenticationFilter.class)
//.addFilterBefore(jwtAuthenticationFilterSaml,UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(jwtTokenAuthenticationFilter,UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(jwtAuthenticationFilterSwagger,UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(jwtAuthenticationFilterIndex,UsernamePasswordAuthenticationFilter.class)
.addFilterafter(new WebAccountValidationFilter(userAuthService,settingsService),JWTAuthenticationFilter.class)
.headers()
.addHeaderWriter(new StaticHeadersWriter("Server","R2W server"))
.addHeaderWriter(new StaticHeadersWriter("Cache-Control","no-cache,no-store,max-age=0,must-revalidate"))
.addHeaderWriter(new StaticHeadersWriter("Pragma","no-cache"))
.addHeaderWriter(new StaticHeadersWriter("Expires","0"))
.and()
.requestMatchers()
.antMatchers("/dashboard/**","/web/**","/swagger-ui.html","/","/oauth/authorize").and()
.authorizeRequests()
.antMatchers(permitAll).permitAll()
.anyRequest().authenticated()
.and()
.exceptionHandling()
.accessDeniedPage("/access_denied")
.and()
.csrf()
.csrftokenRepository(new CustomCsrftokenRepository(new CookieCsrftokenRepository()))
.and()
.formLogin()
.loginPage("/web/login")
.failureHandler(failureHandler)
.successHandler(authenticationSuccessHandler())
.defaultSuccessUrl("/web/dashboard_personal")
.permitAll();
}
我想知道如何使用来自 IDP 的响应来触发 JWT 的生成,以便对用户进行身份验证。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)