在IdP启动的设置中使用代码片段重定向到控制器(/ bootstrap / v1):
public SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler() {
SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler = new SavedRequestAwareAuthenticationSuccessHandler();
successRedirectHandler.setDefaultTargetUrl("/bootstrap/v1");
return successRedirectHandler;
}
控制器代码片段:
public class BootstrapController extends ParentController {
@RequestMapping(value = "/v1", method = RequestMethod.POST)
public ResponseEntity<BootstrapResponseDto> bootstrap(@RequestBody BootstrapRequestDto bootstrapRequestDto, @RequestHeader(value = "MAC-ADDRESS", required = false) String macAddress) {
myAppUserDetails userDetails = SecurityContextUtils.getUserDetails();
BootstrapResponseDto bootstrapResponseDto = new BootstrapResponseDto();
// some app specific logic goes here...
return new ResponseEntity<>(bootstrapResponseDto, HttpStatus.OK);
}
}
调试级别日志片段:
11-29-2018 13:33:53 e7a5edb2-4051-4132-bad0-856d58af1c7d ZDJhMWExYWUtZTAxNy00NDQwLWJmOTctNzcyNTJlOWUyNmQ2 INFO http-nio-8080-exec-6 Spring Security Debugger:收到POST'/ saml / SSO'的请求:org.springframework . session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper@28cc5b21 servletPath:/ saml / SSO pathInfo:null headers:host:localhost:8080 user-agent:Mozilla / 5.0(Macintosh; Intel Mac OS X 10.13; rv:63.0)Gecko / 20100101 Firefox / 63.0接受:text / html,application / xhtml xml,application / xml; q = 0.9,/; q = 0.8 accept-language:en-US,en; q = 0.5 accept-encoding:gzip,deflate content-type :应用/ X WWW的窗体-urlencoded内容长度:11320 DNT:1连接:保持活动的Cookie:JSESSIONID = ZDJhMWExYWUtZTAxNy00NDQwLWJmOTctNzcyNTJlOWUyNmQ2升级不安全-请求:1个安全过滤器链:[MetadataGeneratorFilter WebAsyncManagerIntegrationFilter SecurityContextPersistenceFilter CustomLogFilter HeaderWriterFilter LogoutFilter UsernamePasswordAuthenticationFilter BasicAut henticationFilter FilterChainProxy RequestCacheAwareFilter SecurityContextHolderAwareRequestFilter AnonymousAuthenticationFilter SessionManagementFilter ExceptionTranslationFilter FilterSecurityInterceptor] 11-29-2018 13:33:53 e7a5edb2-4051-4132-bad0-856d58af1c7d INFO http-nio-8080-exec-6 oocbsSAMLProtocolMessageXMLSignatureSecurityPolicyRule:协议消息签名验证成功,消息类型:{urn:oasis:names:tc:SAML:2.0:protocol}响应11-29-2018 13:33:53 e7a5edb2-4051-4132-bad0-856d58af1c7d ZDJhMWExYWUtZTAxNy00NDQwLWJmOTctNzcyNTJlOWUyNmQ2 INFO http-nio-8080-exec-7 Spring Security Debugger :收到GET'/ bootstrap / v1'的请求:org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper@5f9e2aff servletPath:/ bootstrap / v1 pathInfo:null headers:host:localhost:8080 user-agent:Mozilla / 5.0 (Macintosh的;英特尔Mac OS X 10.13; rv:63.0)Gecko / 20100101 Firefox / 63.0接受:text / html,application / xhtml xml,application / xml; q = 0.9,/; q = 0.8 accept-language:en-US,en; q = 0.5 accept-encoding :gzip的,放气DNT:1个连接:保持活动的cookie:JSESSIONID = ZDJhMWExYWUtZTAxNy00NDQwLWJmOTctNzcyNTJlOWUyNmQ2升级不安全,请求:1个安全过滤器链:[MetadataGeneratorFilter WebAsyncManagerIntegrationFilter SecurityContextPersistenceFilter CustomLogFilter HeaderWriterFilter LogoutFilter UsernamePasswordAuthenticationFilter BasicAuthenticationFilter一样的FilterChainProxy RequestCacheAwareFilter SecurityContextHolderAwareRequestFilter AnonymousAuthenticationFilter SessionManagementFilter的ExceptionTranslationFilter FilterSecurityInterceptor] 2018年11月29日13:33:53 e7a5edb2-4051-4132-bad0-856d58af1c7d WARN http-nio-8080-exec-7 oswsPageNotFound:不支持请求方法'GET'
ExpiringUsernameAuthenticationToken设置为返回:
org.springframework.security.providers.ExpiringUsernameAuthenticationToken@fee70636:校长:com . <my-company> .security.authentication . @ 325fcf8b;证书:[保护];认证:真实;细节:null;授权机构:authority_1,authority_2,authority_3,authority_4
所以,我猜测我的SAML验证和用户身份验证和授权是好的 .
似乎我面临的问题是HTTP GET无法正常工作 .
如何配置和提交HTTP POST?或者我应该重构我的控制器来处理行为(这可能会破坏基于表单的登录,这也是应用程序身份验证的一部分)?
1 回答
我相信这个问题与SAML完全没有关系,而是一个普遍的Spring Security问题 . 此外,您没有指定主体BootstrapRequestDto的来源 .
你有一个SuccessHandler,它执行重定向:
successRedirectHandler.setDefaultTargetUrl("/bootstrap/v1");
这执行GET
你有一个控制器只接受
POST
. 你还没有说明那个身体来自哪里?您需要编写一个自定义成功处理程序来发布帖子(可能是javascript自动提交表单?),或者只是将您的控制器更改为也接受GET .