Domovská stránka Prehľadávať Pomoc
Registrovať Prihlásiť sa
github
/
spring-security
zrkadlo https://github.com/spring-projects/spring-security
2
0
Fork 0
Súbory Issues 0 Wiki
Strom: 67c21de1cf
Branche Tagy
spring-security
/
docs
/
modules
/
ROOT
/
pages
/
migration-7
/
saml2.adoc

saml2.adoc 2.3 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. = Saml 2.0 Migrations
    2. 

  2. 

  3. == Continue Filter Chain When No Relying Party Found
    4. 

  4. 

  5. In Spring Security 6, `Saml2WebSsoAuthenticationFilter` throws an exception when the request URI matches, but no relying party registration is found.
    6. 

  6. 

  7. There are a number of cases when an application would not consider this an error situation.
    8. 

  8. For example, this filter doesn't know how the `AuthorizationFilter` will respond to a missing relying party.
    9. 

  9. In some cases it may be allowable.
    10. 

  10. 

  11. In other cases, you may want your `AuthenticationEntryPoint` to be invoked, which would happen if this filter were to allow the request to continue to the `AuthorizationFilter`.
    12. 

  12. 

  13. To improve this filter's flexibility, in Spring Security 7 it will continue the filter chain when there is no relying party registration found instead of throwing an exception.
    14. 

  14. 

  15. For many applications, the only notable change will be that your `authenticationEntryPoint` will be invoked if the relying party registration cannot be found.
    16. 

  16. When you have only one asserting party, this means by default a new authentication request will be built and sent back to the asserting party, which may cause a "Too Many Redirects" loop.
    17. 

  17. 

  18. To see if you are affected in this way, you can prepare for this change in 6 by setting the following property in `Saml2WebSsoAuthenticationFilter`:
    19. 

  19. 

  20. [tabs]
    21. 

  21. ======
    22. 

  22. Java::
    23. 

  23. +
    24. 

  24. [source,java,role="primary"]
    25. 

  25. ----
    26. 

  26. http
    27. 

  27.     .saml2Login((saml2) -> saml2
    28. 

  28.         .withObjectPostProcessor(new ObjectPostProcessor<Saml2WebSsoAuhenticaionFilter>() {
    29. 

  29. 			@Override
    30. 

  30.             public Saml2WebSsoAuthenticationFilter postProcess(Saml2WebSsoAuthenticationFilter filter) {
    31. 

  31. 				filter.setContinueChainWhenNoRelyingPartyRegistrationFound(true);
    32. 

  32. 				return filter;
    33. 

  33.             }
    34. 

  34.         })
    35. 

  35.     )
    36. 

  36. ----
    37. 

  37. 

  38. Kotlin::
    39. 

  39. +
    40. 

  40. [source,kotlin,role="secondary"]
    41. 

  41. ----
    42. 

  42. http {
    43. 

  43.     saml2Login { }
    44. 

  44.     withObjectPostProcessor(
    45. 

  45.         object : ObjectPostProcessor<Saml2WebSsoAuhenticaionFilter?>() {
    46. 

  46.             override fun postProcess(filter: Saml2WebSsoAuthenticationFilter): Saml2WebSsoAuthenticationFilter {
    47. 

  47.             filter.setContinueChainWhenNoRelyingPartyRegistrationFound(true)
    48. 

  48.             return filter
    49. 

  49.         }
    50. 

  50.     })
    51. 

  51. }
    52. 

  52. ----
    53. 

  53. 

  54. Xml::
    55. 

  55. +
    56. 

  56. [source,xml,role="secondary"]
    57. 

  57. ----
    58. 

  58. <b:bean id="saml2PostProcessor" class="org.example.MySaml2WebSsoAuthenticationFilterBeanPostProcessor"/>
    59. 

  59. ----
    60. 

  60. ======
    61.