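I want to create a new application using Spring Boot version 3 and Java 17, with SAML 2 token authentication. While writing the SecurityConfig class, since it cannot extend the WebSecurityConfigurerAdapter class in Spring 3, I don't know how to supply the authenticationManager to the SAMLProcessingFilter so that it can be provided in the FilterChainProxy. My SecurityConfig class is below; the line in question is:
`samlWebSSOProcessingFilter.setAuthenticationManager(???);`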
```java
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {
    @Value("${saml.sp}")
    private String samlAudience;
    @Autowired
    @Qualifier("saml")
    private SavedRequestAwareAuthenticationSuccessHandler samlAuthSuccessHandler;
    @Autowired
    @Qualifier("saml")
    private SimpleUrlAuthenticationFailureHandler samlAuthFailureHandler;
    @Autowired
    private SAMLEntryPoint samlEntryPoint;
    @Autowired
    private SAMLLogoutFilter samlLogoutFilter;
    @Autowired
    private SAMLLogoutProcessingFilter samlLogoutProcessingFilter;
    @Autowired
    private HttpSecurity httpSecurity;

    @Bean
    public SAMLDiscovery samlDiscovery() {
        SAMLDiscovery idpDiscovery = new SAMLDiscovery();
        return idpDiscovery;
    }

    @Autowired
    private SAMLAuthenticationProvider samlAuthenticationProvider;
    @Autowired
    private ExtendedMetadata extendedMetadata;
    @Autowired
    private KeyManager keyManager;

    public MetadataGenerator metadataGenerator() {
        MetadataGenerator metadataGenerator = new MetadataGenerator();
        metadataGenerator.setEntityId(samlAudience);
        metadataGenerator.setExtendedMetadata(extendedMetadata);
        metadataGenerator.setIncludeDiscoveryExtension(false);
        metadataGenerator.setKeyManager(keyManager);
        return metadataGenerator;
    }

    @Bean
    public SAMLProcessingFilter samlWebSSOProcessingFilter(HttpSecurity http) throws Exception {
        SAMLProcessingFilter samlWebSSOProcessingFilter = new SAMLProcessingFilter();
        //AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
        //**What should I give in below line**
        samlWebSSOProcessingFilter.setAuthenticationManager(authenticationManager());
        samlWebSSOProcessingFilter.setAuthenticationSuccessHandler(samlAuthSuccessHandler);
        samlWebSSOProcessingFilter.setAuthenticationFailureHandler(samlAuthFailureHandler);
        return samlWebSSOProcessingFilter;
    }

    @Bean
    public FilterChainProxy samlFilter(HttpSecurity http) throws Exception {
        List<SecurityFilterChain> chains = new ArrayList<>();
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"),
                samlWebSSOProcessingFilter(http)));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"),
                samlDiscovery()));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"),
                samlEntryPoint));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/logout/**"),
                samlLogoutFilter));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SingleLogout/**"),
                samlLogoutProcessingFilter));
        return new FilterChainProxy(chains);
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authConfig) throws Exception {
        return authConfig.getAuthenticationManager();
    }

    @Bean
    public MetadataGeneratorFilter metadataGeneratorFilter() {
        return new MetadataGeneratorFilter(metadataGenerator());
    }

    //@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
            .disable();
        http
            .httpBasic()
            .authenticationEntryPoint(samlEntryPoint);
        http
            .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
            .addFilterAfter(samlFilter(http), BasicAuthenticationFilter.class)
            .addFilterBefore(samlFilter(http), CsrfFilter.class);
        http
            .authorizeRequests()
            .requestMatchers("/").permitAll()
            .anyRequest().authenticated();
        http
            .logout()
            .addLogoutHandler((request, response, authentication) -> {
                try {
                    response.sendRedirect("/saml/logout");
                } catch (IOException e) {
                    e.printStackTrace();
                }
            });
    }

    @Bean
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(samlAuthenticationProvider);
    }
}
```
1 answer
agyaoht71#
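It looks like you are using the old Spring Security SAML Extension project. That project reached its end of life on October 6, 2021, so it will not support Spring 6, which was released in November 2022.
SAML support has moved into Spring Security itself, and you can refer to this documentation to get started.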
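As an added example (not part of the original answer or the asker's code), this is roughly what the question's configuration looks like with Spring Security's built-in SAML 2.0 support, where the `saml2Login` DSL wires the response filter and its authentication provider itself. It assumes the `spring-security-saml2-service-provider` dependency is on the classpath; the `saml.idp.metadata-location` property and the `idp` registration id are hypothetical names chosen for illustration.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {

    // Same property the question uses for the service provider entity ID.
    @Value("${saml.sp}")
    private String samlAudience;

    // Assumed property (not on the page): URL or classpath location of the IdP metadata XML.
    @Value("${saml.idp.metadata-location}")
    private String idpMetadataLocation;

    @Bean
    public RelyingPartyRegistrationRepository relyingPartyRegistrations() {
        // IdP entity ID, SSO endpoint and verification certificates are read from the metadata.
        RelyingPartyRegistration registration = RelyingPartyRegistrations
                .fromMetadataLocation(idpMetadataLocation)
                .registrationId("idp") // assumed id; it becomes part of the SP endpoint URLs
                .entityId(samlAudience)
                .build();
        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/").permitAll()
                .anyRequest().authenticated())
            // Registers the SAML response filter and its authentication provider,
            // so no AuthenticationManager is set by hand.
            .saml2Login(Customizer.withDefaults());
        return http.build();
    }
}
```

With these defaults the assertion consumer endpoint is `/login/saml2/sso/idp`, so the IdP side has to be registered with that URL instead of the old extension's `/saml/SSO`.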