1

我正在使用 spring security siteminder 实现解决方案。如果在请求中找不到标头,我可以检查标头中的 SM_USER 我想将请求重定向到登录页面。我该怎么做?我是 spring 新手

配置是: 

    <security:intercept-url pattern="/Login" access="permitAll"/>
    <security:intercept-url pattern="/**" />
    <security:custom-filter position="PRE_AUTH_FILTER" ref="siteminderFilter" />
</security:http>

<bean id="siteminderFilter" class="arunkumar.sso.preauth.RequestHeaderFilterAuth">
    <property name="principalRequestHeader" value="SM_USER"/>
    <property name="authenticationManager" ref="authenticationManager" />
</bean>

<bean id="preauthAuthProvider" class="arunkumar.sso.preauth.PreAuthenticatedProvider">
    <property name="preAuthenticatedUserDetailsService">
        <bean id="userDetailsServiceWrapper"  class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <property name="userDetailsService" ref="customUserDetailsService"/>
        </bean>
    </property>
</bean>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="preauthAuthProvider" />
</security:authentication-manager>  

<bean id="customUserDetailsService" class="arunkumar.sso.preauth.CustomUserDetailsService"></bean>
<bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"></bean>
4

1 回答 1

0

In RequestHeaderFilterAuth try this:

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

       String header = ((HttpServletRequest)request).getHeader(headerName);
       if(header == null){
           ((HttpServletResponse) response).sendRedirect(loginUrl);
       }  
}
于 2014-06-25T06:45:49.930 回答