Spring Security 中的多个预身份验证过滤器？

发布于 2024-11-30 06:25:11 字数 1242 浏览 0 评论 0原文

我需要有多个 PRE_AUTH Spring Security 过滤器。特别是，除了 Spring Security 3.0 的 SAML 扩展中配置为 PRE_AUTH 的两个过滤器之外，我还需要使用一个 PRE_AUTH 过滤器。现有的 SAML 配置如下。

<security:http entry-point-ref="samlEntryPoint">
    <!-- snip intercepts -->
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlProcessingFilter"/>
    <security:custom-filter before="PRE_AUTH_FILTER" ref="samlEntryPoint"/>
    <security:custom-filter position="PRE_AUTH_FILTER" ref="metadataFilter"/>
    <security:custom-filter after="LOGOUT_FILTER" ref="samlLogoutFilter"/>
    <security:custom-filter before="LOGOUT_FILTER" ref="samlLogoutProcessingFilter"/>
</security:http>

需要在现有过滤器之前检查附加的 PRE_AUTH 过滤器（即：使用此身份验证方法进行身份验证的用户不应有机会使用 SAML。

我考虑按以下方式更改它。

<!-- snip -->
<security:custom-filter before="PRE_AUTH_FILTER" ref="newPreAuthFilter"/>
<security:custom-filter position="PRE_AUTH_FILTER" ref="samlEntryPoint"/>
<security:custom-filter after="PRE_AUTH_FILTER" ref="metadataFilter"/>
<!-- snip -->

这可行吗，或者需要更复杂的解决方案。

原文

I have a need to have multiple PRE_AUTH Spring Security filters. In particular I need to use a PRE_AUTH filter in addition to the two filters configured as PRE_AUTH in the SAML extension to Spring Security 3.0. The existing SAML configuration follows.

<security:http entry-point-ref="samlEntryPoint">
    <!-- snip intercepts -->
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlProcessingFilter"/>
    <security:custom-filter before="PRE_AUTH_FILTER" ref="samlEntryPoint"/>
    <security:custom-filter position="PRE_AUTH_FILTER" ref="metadataFilter"/>
    <security:custom-filter after="LOGOUT_FILTER" ref="samlLogoutFilter"/>
    <security:custom-filter before="LOGOUT_FILTER" ref="samlLogoutProcessingFilter"/>
</security:http>

The additional PRE_AUTH filter would need to be checked before either of the existing filters (ie: a user authenticated with this authentication method should not be given the opportunity to use SAML.

I considered changing it the following way.

<!-- snip -->
<security:custom-filter before="PRE_AUTH_FILTER" ref="newPreAuthFilter"/>
<security:custom-filter position="PRE_AUTH_FILTER" ref="samlEntryPoint"/>
<security:custom-filter after="PRE_AUTH_FILTER" ref="metadataFilter"/>
<!-- snip -->

Would this work, or is a more complicated solution required.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

不交电费瞎发啥光 2024-12-07 06:25:11

很老的问题，但仍然相关。使用spring的复合过滤器：

<security:custom-filter before="PRE_AUTH_FILTER" ref="compositeAuthFilter"/>

<bean id="compositeAuthFilter" class="org.springframework.web.filter.CompositeFilter">
    <property name="filters">
        <list>
            <ref bean="airlockAuthFilter"/>
            <ref bean="samlEntryPoint"/>
            <ref bean="metadataFilter"/>
        </list>
    </property>
</bean>

Very old question, but still relevant. Use the composite filter from spring:

<security:custom-filter before="PRE_AUTH_FILTER" ref="compositeAuthFilter"/>

<bean id="compositeAuthFilter" class="org.springframework.web.filter.CompositeFilter">
    <property name="filters">
        <list>
            <ref bean="airlockAuthFilter"/>
            <ref bean="samlEntryPoint"/>
            <ref bean="metadataFilter"/>
        </list>
    </property>
</bean>

回复收藏 0 原文

~没有更多了~