0

我有一个简单的 Spring Boot 应用程序,具有以下 2 个端点:

  • int:需要 Shibboleth SSO && 授权角色
  • ext:无 SSO,无需授权

我已经实现了一个PreAuthenticationFilter与 SSO 一起工作的方法。以下是不起作用的配置:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            .authorizeRequests()
                .antMatchers("/ext/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .authorizeRequests()
                .and()
            .addFilter(preAuthenticationFilter());
    }
}

不应该PreAuthenticationFilter绕过/ext端点吗?但是,上述配置强制两个端点都转到PreauthenticationFilter. 也试过

web.ignoring().antMatchers("/ext/**")

无济于事。

这是我的程序的其余部分:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/ext/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .authorizeRequests()
                .and()
            .addFilter(preAuthenticationFilter());
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        //web.ignoring().antMatchers("/ext/**");
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider();
        authenticationProvider.setPreAuthenticatedUserDetailsService(new ShibbolethUserDetailsService());
        auth.authenticationProvider(authenticationProvider);
    }

    @Bean
    RequestHeaderAuthenticationFilter preAuthenticationFilter() throws Exception {
        ShibbolethRequestHeaderAuthenticationFilter filter = new ShibbolethRequestHeaderAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager());       
        return filter;
    }
4

0 回答 0