C. *_*oss 5 spring-security saml pre-authentication spring-saml
我需要有多个PRE_AUTHSpring Security过滤器.特别是PRE_AUTH除了PRE_AUTH在Spring Security 3.0的SAML扩展中配置的两个过滤器之外,我还需要使用过滤器.现有的SAML配置如下.
<security:http entry-point-ref="samlEntryPoint">
<!-- snip intercepts -->
<security:custom-filter after="BASIC_AUTH_FILTER" ref="samlProcessingFilter"/>
<security:custom-filter before="PRE_AUTH_FILTER" ref="samlEntryPoint"/>
<security:custom-filter position="PRE_AUTH_FILTER" ref="metadataFilter"/>
<security:custom-filter after="LOGOUT_FILTER" ref="samlLogoutFilter"/>
<security:custom-filter before="LOGOUT_FILTER" ref="samlLogoutProcessingFilter"/>
</security:http>
PRE_AUTH需要在任一现有过滤器之前检查附加过滤器(即:使用此身份验证方法进行身份验证的用户不应有机会使用SAML.
我考虑过以下方式改变它.
<!-- snip -->
<security:custom-filter before="PRE_AUTH_FILTER" ref="newPreAuthFilter"/>
<security:custom-filter position="PRE_AUTH_FILTER" ref="samlEntryPoint"/>
<security:custom-filter after="PRE_AUTH_FILTER" ref="metadataFilter"/>
<!-- snip -->
这是否有效,或者是否需要更复杂的解决方案.
很老的问题,但仍然相关.使用弹簧复合滤波器:
<security:custom-filter before="PRE_AUTH_FILTER" ref="compositeAuthFilter"/>
<bean id="compositeAuthFilter" class="org.springframework.web.filter.CompositeFilter">
<property name="filters">
<list>
<ref bean="airlockAuthFilter"/>
<ref bean="samlEntryPoint"/>
<ref bean="metadataFilter"/>
</list>
</property>
</bean>
| 归档时间: |
|
| 查看次数: |
7384 次 |
| 最近记录: |