SAML Http请求拦截与Spring Boot [英] SAML Http Request Intercept with Spring Boot
问题描述
参考此SO问题添加请求参数使用Spring Security SAML的SAML请求
我想用我自己的bean替换默认的HTTPRedirectDeflateBinding bean,它有一个自定义的HTTPRedirectDeflateEncoder来向我的SAML添加查询参数请求。
I am wanting to replace the default HTTPRedirectDeflateBinding bean with my own that has a custom HTTPRedirectDeflateEncoder to add query params to my SAML request.
我正在尝试使用 Spring Boot @Bean自动配置注释实现这一点,并且是Java环境的新手我不能似乎让它正常运作。我可以看到我的bean在启动时正在注册,但是出站的HTTP请求没有被它拦截,看起来原来的redirectBinding仍然是。
I'm trying to achieve this with the Spring Boot @Bean auto-configuration annotation and being new to the Java environment I can't seem to get it working right. I can see that my bean is registering on startup but the outbound HTTP request is not being intercepted by it and it appears the original redirectBinding still is.
这是我在配置类中添加的bean:
Here is my bean I added into my Configuration class:
@Bean(name="redirectBinding")
@Primary
public HTTPRedirectDeflateBinding HTTPRedirectDeflateBinding()
{
return new HTTPRedirectDeflateBinding(null, new My_SAML_HttpRedirectDeflateEncoder());
}
这是我的编码器我试图传递给重定向绑定
Here is my encoder I'm trying to pass into the redirect binding
public class My_SAML_HttpRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder{
@Override
protected String buildRedirectURL(SAMLMessageContext messagesContext, String endpointURL, String message)
throws MessageEncodingException {
URLBuilder urlBuilder = new URLBuilder(endpointURL);
List<Pair<String, String>> queryParams = urlBuilder.getQueryParams();
if (messagesContext.getOutboundSAMLMessage() instanceof RequestAbstractType) {
queryParams.add(new Pair<String, String>("service", "myService"));
queryParams.add(new Pair<String, String>("serviceType", "dev"));
}
return urlBuilder.buildURL();
}
}
我还试图通过此SO响应提出的解决方案弹簧启动添加http请求拦截器
类似的结果,我的HandlerInterceptor bean已注册,但没有被拦截。我觉得我错过了一个小细节。任何帮助,将不胜感激。
I also attempted the solution proposed from this SO response spring boot adding http request interceptors Similar results, my HandlerInterceptor bean was registered but nothing is being intercepted. I feel like I'm missing a small detail. Any help would be appreciated.
推荐答案
1.我认为您需要使用super方法buildRedirectURL,然后添加剥离或自定义查询参数,如下所示:
1.I think you need to use the super method buildRedirectURL and then add stripped or your custom query params, like this:
@Override
protected String buildRedirectURL(SAMLMessageContext messagesContext, String endpointURL, String message) throws MessageEncodingException {
URLBuilder redirectUrlBuilder = new URLBuilder(super.buildRedirectURL(messagesContext, endpointURL, message));
List<Pair<String, String>> queryParams = redirectUrlBuilder.getQueryParams();
queryParams.addAll(new URLBuilder(endpointURL).getQueryParams());// add stripped query params
return redirectUrlBuilder.buildURL();
}
2.我不确定是否可以将空值传递给HTTPRedirectDeflateBinding作为解码器。替代方案建议使用默认解码器,它接受ParserPool。
2.I am not sure if it fine to pass the null to the HTTPRedirectDeflateBinding as decoder. Alternative would suggest to use the default decoder, which accepts ParserPool.
这篇关于SAML Http请求拦截与Spring Boot的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!