@Bean
@Order(10)
protected SecurityFilterChain samlFilterChain(final HttpSecurity http) throws Exception {
OpenSamlAuthenticationProvider authenticationProvider = new OpenSamlAuthenticationProvider();
authenticationProvider.setResponseAuthenticationConverter(groupsConverter());
if (!isSsoEnabled){
http.anonymous();
return http.build();}
http.csrf().disable()
.authorizeHttpRequests(authorize -> authorize
.antMatchers("/**")
.permitAll()
.anyRequest().authenticated()
)
.saml2Login(saml2 -> saml2
.authenticationManager(new ProviderManager(authenticationProvider))
)
.saml2Login()
.successHandler(successRedirectHandler())
.failureHandler(failureRedirectHandler())
.and()
.saml2Logout(Customizer.withDefaults());
return http.build();
}
我的目标是检查条件属性是否允许我们使用SSO,如果不允许,则只需通过此过滤器链并能够使用基本身份验证登录。问题是,我无法弄清楚如何跳过http创建在这里,只是传递过滤器链下一个SecurityFilterChain与较低的前缀,就像:
chain.doFilter(request, response);
您可以添加自己的自定义过滤器,并检查该过滤器中的属性,并在需要时将链传递给基本验证过滤器
你可以看看这些文章
- https://www.javadevjournal.com/spring-security/custom-filter-in-spring-security
- https://www.baeldung.com/spring-security-custom-filter
- https://www.baeldung.com/spring-onceperrequestfilter
- https://spring.io/guides/topicals/spring-security-architecture