java如何为SAML SSO配置Spring boot、ApacheShiro、bujipac4j
我有一个SpringBoot主题的Leaf-Shiro应用程序
我看到了下面的例子
Spring启动-Spring安全-pac4j saml ssohttps://github.com/pac4j/spring-security-pac4j-boot-demo
Shiro web应用程序-buji-pac4jhttps://github.com/pac4j/buji-pac4j-demo
我想做的是两全其美。我想将Shiro用于RBAC,将buji-pac4j用于身份验证,通过SAML SSO进行身份验证
我没有找到任何文件来实现同样的目标。 以下是我所做的,请指导我正确设置
//in WebConfig .java i have following
public class WebConfig extends WebMvcConfigurerAdapter {
@Bean("samlConfig")
public Config config() {
final SAML2Configuration cfg = new SAML2Configuration ("resource:samlKeystore.jks",
"pac4j-demo-passwd",
"pac4j-demo-passwd",
"resource:metadata-okta.xml");
cfg.setMaximumAuthenticationLifetime(3600);
cfg.setServiceProviderEntityId("https://localhost/callback?client_name=SAML2Client");
cfg.setServiceProviderMetadataPath("sp-metadata.xml");
cfg.setAuthnRequestBindingType(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
final SAML2Client saml2Client = new SAML2Client(cfg);
final Clients clients = new Clients("https://localhost/callback", saml2Client);
final Config config = new Config(clients);
config.addAuthorizer("custom", new CustomAuthorizer()); // this same as in example buji-pac4j-demo
return config;
}
}
//In WebSecurityConfig.java i have following
public class WebSecurityConfig {
@Autowired
private Config samlConfig;
@Bean(name = "shiroFilter")
public AbstractShiroFilter shiroFilter() throws Exception {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
HashMap<String, String> filterChainDefinitionMapping = new HashMap<String,String>();
filterChainDefinitionMapping.put("/*", "anon");
filterChainDefinitionMapping.put("/login", "anon");
filterChainDefinitionMapping.put("/forgotPwd", "anon");
filterChainDefinitionMapping.put("/resetPwd", "anon");
filterChainDefinitionMapping.put("/logout", "logout");
filterChainDefinitionMapping.put("/**", "authc,ssl");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMapping);
shiroFilterFactoryBean.setSecurityManager(securityManager());
final SecurityFilter bujiFilter = new SecurityFilter();
bujiFilter.setConfig(samlConfig);
bujiFilter.setClients("Saml2Client");
HashMap<String, Filter> filters = new HashMap<>();
filters.put("anon", new AnonymousFilter());
filters.put("authc", bujiFilter);
LogoutFilter logoutFilter = new LogoutFilter();
logoutFilter.setRedirectUrl("/logout");
filters.put("logout", logoutFilter);
filters.put("roles", new RolesAuthorizationFilter());
filters.put("user", new UserFilter());
shiroFilterFactoryBean.setFilters(filters);
return (AbstractShiroFilter) shiroFilterFactoryBean.getObject();
}
/* i was previously using Shiro Authentication, hence the below code is there , now i want to do SAML SSO*/
@Bean(name = "customRealm")
@DependsOn("lifecycleBeanPostProcessor")
public CustomRealm customRealm() {
CustomRealm realm = new CustomRealm();
HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
credentialsMatcher.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME);
credentialsMatcher.setStoredCredentialsHexEncoded(false);
credentialsMatcher.setHashSalted(true);
realm.setCredentialsMatcher(credentialsMatcher);
realm.init();
return realm;
}
@Bean(name = "securityManager")
public DefaultWebSecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(customRealm());
return securityManager;
}
}
现在,当我访问任何受保护的资源时,例如https://localhost/protected/home 而不是像在https://github.com/pac4j/buji-pac4j-demo的例子中那样带我去IDP登录(okta);应用程序重定向到默认的Shiro Auth urlhttps://localhost/login.jsp
我在这里遗漏了什么,我在shiroFilter中的配置是否错误?如果是,正确的方法是什么
共 (0) 个答案