java saml pac4j настройки обратного вызова MVC - PullRequest
25 мая 2018

Сценарий:

  1. внедрение pac4j-saml в наше существующее приложение Spring Web MVC.

  2. Использование приложения spring-webmvc-pac4j-demo в качестве шаблона.

  3. Иметь только один idp (Akamai).

  4. Запрос к idp, что наш URL единого входа будет http://localhost:8081/Maintenance/saml/sso.

  5. Запрос к IDP, что URL нашей аудитории будет http://localhost:8081/Maintenance/saml/metadata.

  6. Запрос SAML для URL http://localhost:8081/Maintenance/saml/sso.html.


**7. Каким должно быть значение свойства с name «serviceProviderEntityId»?**

**8. Какое значение должно быть установлено в constructor-arg с name «callbackUrl»?**

9. Dispatcher-Servlet.xml — это:

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring MVC dispatcher context for the "Maintenance" web app with pac4j SAML2 SSO.
  Sections, in order: static resources and MVC setup, legacy BeanNameUrl-mapped
  controllers, the JSP view resolver, the pac4j SAML client / Clients / Config
  beans, and the SecurityInterceptor that enforces authentication.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc.xsd">

    <mvc:resources mapping="/resources/**" location="/resources/" cache-period="31556926"/>

    <mvc:annotation-driven />
    <!--<mvc:default-servlet-handler />-->

    <!-- Application controllers/authorizers live in "samlpac4j"; the second scan pulls in
         pac4j's own Spring MVC controllers (the callback endpoint among them). -->
    <context:component-scan base-package="samlpac4j" />
    <context:component-scan base-package="org.pac4j.springframework.web" />

    <!-- Resolves ${...} placeholders from application.properties on the classpath.
         Nothing below uses it yet; see the note on the keystore passwords. -->
    <context:property-placeholder location="classpath:application.properties"/>

    <!-- Legacy controllers mapped by bean name (BeanNameUrlHandlerMapping).
         NOTE(review): none of these paths fall under the "/saml/*" pattern guarded by the
         SecurityInterceptor at the bottom of this file, so any access control for them
         has to come from elsewhere (e.g. the controllers themselves). Confirm before relying on it. -->
    <bean name="/home.htm" class="home.HomeController"/>
    <bean name="/import.htm" class="dataImport.ImportController"/>
    <bean name="/process.htm" class="dataImport.ProcessController"/>    
    <bean name="/traffic.htm" class="home.TrafficController"/>
    <bean name="/delete_element.htm" class="dataDeletion.Delete_elementController"/>
    <bean name="/edit.htm" class="dataEdits.EditController"/>
    <bean name="/element_edit.htm" class="dataEdits.Element_editController"/>
    <bean name="/commit_changes.htm" class="dataEdits.Commit_changesController"/>
    <bean name="/filter.htm" class="filtering.FilterController"/>
    <bean name="/process_filtering.htm" class="filtering.Process_filteringController"/>
    <bean name="/login.htm" class="home.LoginController"/>
    <bean name="/authenticate.htm" class="home.AuthenticateController"/>
    <bean name="/logout.htm" class="home.LogOutController"/>


    <!-- JSP views under /WEB-INF/jsp/<viewName>.jsp -->
    <bean id="viewResolver"
          class="org.springframework.web.servlet.view.UrlBasedViewResolver">
        <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
        <property name="prefix" value="/WEB-INF/jsp/"/>
        <property name="suffix" value=".jsp"/>
    </bean>


    <!-- Service-provider (SP) side of the SAML2 exchange. -->
    <bean id="samlConfig" class="org.pac4j.saml.client.SAML2ClientConfiguration">
        <!-- SP signing/decryption keystore, loaded from the classpath.
             NOTE(review): both passwords are literal secrets in a deployable XML file and are
             the well-known pac4j demo values. The property-placeholder declared above already
             loads application.properties, so these could be written as ${...} placeholders and
             the real values kept out of the artifact / source control. -->
        <property name="keystoreResourceClasspath" value="samlKeystore.jks" />
        <property name="keystorePassword" value="pac4j-demo-passwd" />
        <property name="privateKeyPassword" value="pac4j-demo-passwd" />
        <!-- IdP (Akamai) metadata, including its signing certificate, read once from the
             classpath; a change of the IdP certificate therefore needs a redeploy. -->
        <property name="identityProviderMetadataResourceClasspath" value="metadata-akamai.xml" />
        <!-- Oldest IdP authentication instant still accepted; presumably seconds - confirm against pac4j docs. -->
        <property name="maximumAuthenticationLifetime" value="3600" />
        <!-- The SP's entity ID: the identifier the IdP puts into the assertion's audience
             restriction and must have registered on its side. The IdP was asked to use
             http://localhost:8081/Maintenance/saml/metadata as the audience, so this value
             probably needs to match that exactly; the current value looks like the callback
             URL plus "?client_name=SAML2Client", which is what pac4j appears to derive when the
             property is left unset. Verify against the IdP registration. -->
        <property name="serviceProviderEntityId" value="http://localhost:8081/Maintenance/saml/sso/callback?client_name=SAML2Client" />
        <!-- Binding used to send the AuthnRequest to the IdP (browser redirect with the request in the query string). -->
        <property name="destinationBindingType" value="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"></property>
    </bean>

    <bean id="saml2Client" class="org.pac4j.saml.client.SAML2Client">
        <constructor-arg name="configuration" ref="samlConfig" />
    </bean>

    <bean id="clients" class="org.pac4j.core.client.Clients">
        <!-- Where the IdP sends the SAML response back to (the assertion consumer URL).
             NOTE(review): the IdP was registered with http://localhost:8081/Maintenance/saml/sso,
             which differs from this value, so one of the two has to change. Also check that a
             handler actually serves this path: pac4j's callback controller comes from the
             component-scan above and has its own default path - TODO confirm it is this one. -->
        <constructor-arg name="callbackUrl" value="http://localhost:8081/Maintenance/saml/sso/callback" />
        <constructor-arg name="clients">
            <list>
                <ref bean="saml2Client" />
            </list>
        </constructor-arg>
    </bean>

    <!-- Authorizer "admin": the authenticated profile must carry ROLE_ADMIN. -->
    <bean id="adminRoleAuthorizer" class="org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer">
        <constructor-arg name="roles" value="ROLE_ADMIN" />
    </bean>

    <!-- Authorizer "custom": application-specific rule, implemented in samlpac4j.CustomAuthorizer. -->
    <bean id="customAuthorizer" class="samlpac4j.CustomAuthorizer">
    </bean>

    <!-- pac4j Config: the clients plus the named authorizers referenced by interceptors/annotations. -->
    <bean id="config" class="org.pac4j.core.config.Config">
        <constructor-arg name="clients" ref="clients" />
        <constructor-arg name="authorizers">
            <map>
                <entry key="admin" value-ref="adminRoleAuthorizer" />
                <entry key="custom" value-ref="customAuthorizer" />
            </map>
        </constructor-arg>
    </bean>

    <!-- Requires a SAML2Client login for requests matching "/saml/*". With Spring's Ant-style
         matching a single "*" spans one path segment only, so "/saml/sso.html" is protected
         while the deeper "/saml/sso/callback" is not; the callback endpoint must stay
         reachable without a session, so keep that in mind if the pattern is widened.
         No authorizer name is passed here, so only authentication is enforced for these paths. -->
    <mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/saml/*" />
            <bean class="org.pac4j.springframework.web.SecurityInterceptor">
                <constructor-arg name="config" ref="config" />
                <constructor-arg name="clients" value="SAML2Client" />
            </bean>
        </mvc:interceptor>
    </mvc:interceptors>
</beans>

10. Раздел файла application.java

 /**
  * Entry point for {@code /saml/sso.html}. In the dispatcher configuration this path
  * sits under the {@code /saml/*} pattern guarded by pac4j's SecurityInterceptor, so
  * by the time this method runs the SAML login is expected to have completed; the
  * method itself only delegates to {@code protectedHome}, which is defined elsewhere
  * in this class.
  *
  * @param request  current servlet request
  * @param response current servlet response
  * @param map      model attributes, handed through to {@code protectedHome} unchanged
  * @return the view name chosen by {@code protectedHome}
  */
 @RequestMapping("/saml/sso.html")
 public String samlsso(HttpServletRequest request, HttpServletResponse response, Map<String, Object> map) {
     final String view = protectedHome(request, response, map);
     return view;
 }
...