public class SAMLConfigurerBean
extends org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>
implements org.springframework.beans.factory.InitializingBean

SecurityConfigurerAdapter implementation to load the actual SAML configuration into Spring Security.

Can be used standalone as a Spring Bean in conjunction with WebSecurityConfigurerAdapter and EnableSAMLSSO like this:

    @SpringBootApplication
    @EnableSAMLSSO
    public class OktaSSODemoApplication2 {

        public static void main(String[] args) {
            SpringApplication.run(OktaSSODemoApplication2.class, args);
        }

        @Configuration
        public static class MvcConfig implements WebMvcConfigurer {

            @Override
            public void addViewControllers(ViewControllerRegistry registry) {
                registry.addViewController("/").setViewName("index");
                registry.addViewController("/protected").setViewName("protected");
                registry.addViewController("/unprotected/help").setViewName("help");
            }
        }

        @Configuration
        public static class MyServiceProviderConfig extends WebSecurityConfigurerAdapter {

            public MyServiceProviderConfig() {
                super(false);
            }

            // Expose the configurer as a bean so it can be applied to HttpSecurity below.
            @Bean
            SAMLConfigurerBean saml() {
                return new SAMLConfigurerBean();
            }

            @Override
            public void configure(WebSecurity web) throws Exception {
                super.configure(web);
            }

            @Bean
            public AuthenticationManager authenticationManagerBean() throws Exception {
                return super.authenticationManagerBean();
            }

            @Override
            protected void configure(HttpSecurity http) throws Exception {
                // @formatter:off
                http.authorizeRequests()
                    .antMatchers("/unprotected/**")
                    .permitAll()
                .and()
                    .httpBasic()
                    .disable()
                    .csrf()
                    .disable()
                    .anonymous()
                .and()
                    .apply(saml())
                    .serviceProvider()
                        .metadataGenerator()
                        .entityId("localhost-demo")
                        .bindingsSSO("artifact", "post", "paos")
                    .and()
                        .ecpProfile()
                    .and()
                        .sso()
                        .defaultSuccessURL("/home")
                        .idpSelectionPageURL("/idpselection")
                    .and()
                        .metadataManager()
                        .metadataLocations("classpath:/idp-okta.xml")
                        .refreshCheckInterval(0)
                    .and()
                        .extendedMetadata()
                        .ecpEnabled(true)
                        .idpDiscoveryEnabled(true) // set to false for no IDP Selection page.
                    .and()
                        .keyManager()
                        .privateKeyDERLocation("classpath:/localhost.key.der")
                        .publicKeyPEMLocation("classpath:/localhost.cert")
                .and()
                    .http()
                    // The configured SAML endpoints are opened to unauthenticated requests.
                    .authorizeRequests()
                    .requestMatchers(saml().endpointsMatcher()).permitAll()
                .and()
                    // Everything else requires an authenticated user.
                    .authorizeRequests()
                    .anyRequest()
                    .authenticated();
                // @formatter:on
            }
        }
    }

| Modifier and Type | Field and Description |
|---|---|
| protected org.springframework.security.authentication.AuthenticationManager | authenticationManager |
| protected ServiceProviderBuilder | serviceProviderBuilder |

| Constructor and Description |
|---|
| SAMLConfigurerBean() Default Constructor to be used within Dependency Injection Container only. |
| SAMLConfigurerBean(ServiceProviderBuilder serviceProviderBuilder, org.springframework.security.authentication.AuthenticationManager authenticationManager) Constructor for Standalone initialization. |

| Modifier and Type | Method and Description |
|---|---|
| protected void | addFilter(org.springframework.security.config.annotation.web.builders.HttpSecurity http, Class<? extends javax.servlet.Filter> filterClass) |
| void | afterPropertiesSet() |
| void | configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http) |
| org.springframework.security.web.util.matcher.RequestMatcher | endpointsMatcher() Returns a RequestMatcher that matches all the SAML endpoints configured by the user: defaultFailureURL, ssoProcessingURL, ssoHoKProcessingURL, discoveryProcessingURL, idpSelectionPageURL, ssoLoginURL, metadataURL, defaultTargetURL, logoutURL and singleLogoutURL. |
| void | init(org.springframework.security.config.annotation.web.builders.HttpSecurity http) |
| ServiceProviderBuilder | serviceProvider() Returns the ServiceProviderBuilder for customization of the SAML Service Provider |
| ServiceProviderBuilder | serviceProvider(List<ServiceProviderConfigurer> serviceProviderConfigurers) Returns the ServiceProviderBuilder for customization of the SAML Service Provider |
| void | setBuilder(org.springframework.security.config.annotation.web.builders.HttpSecurity httpSecurity) |

@Autowired protected ServiceProviderBuilder serviceProviderBuilder

@Autowired protected org.springframework.security.authentication.AuthenticationManager authenticationManager

public SAMLConfigurerBean()

public SAMLConfigurerBean(ServiceProviderBuilder serviceProviderBuilder, org.springframework.security.authentication.AuthenticationManager authenticationManager)
Parameters:
serviceProviderBuilder - The Service Provider Builder to get SAML configuration from.
authenticationManager - The Authentication Manager to setup Spring Security with.

public void afterPropertiesSet() throws Exception
Specified by: afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Throws: Exception

public ServiceProviderBuilder serviceProvider()
Returns the ServiceProviderBuilder for customization of the SAML Service Provider.
Returns: ServiceProviderBuilder for customization of the SAML Service Provider

public ServiceProviderBuilder serviceProvider(List<ServiceProviderConfigurer> serviceProviderConfigurers)
Returns the ServiceProviderBuilder for customization of the SAML Service Provider.
Parameters:
serviceProviderConfigurers - A list of ServiceProviderConfigurer to apply to the ServiceProviderBuilder before it is returned.
Returns: ServiceProviderBuilder for customization of the SAML Service Provider

public org.springframework.security.web.util.matcher.RequestMatcher endpointsMatcher()
Returns a RequestMatcher that matches all the SAML endpoints configured by the user: defaultFailureURL, ssoProcessingURL, ssoHoKProcessingURL, discoveryProcessingURL, idpSelectionPageURL, ssoLoginURL, metadataURL, defaultTargetURL, logoutURL and singleLogoutURL.
To be used with HttpSecurity.authorizeRequests() in this fashion:

    http
        .authorizeRequests()
        .requestMatchers(samlConfigurerBean.endpointsMatcher())
        .permitAll()

So that all the configured URLs can bypass security.
Returns: RequestMatcher

public void setBuilder(org.springframework.security.config.annotation.web.builders.HttpSecurity httpSecurity)
Overrides: setBuilder in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>

public void init(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
Specified by: init in interface org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>
Overrides: init in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>
Throws: Exception

public void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
Specified by: configure in interface org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>
Overrides: configure in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>
Throws: Exception

protected void addFilter(org.springframework.security.config.annotation.web.builders.HttpSecurity http, Class<? extends javax.servlet.Filter> filterClass)
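
Because endpointsMatcher() is meant to be combined with permitAll(), and its URL list includes idpSelectionPageURL and defaultTargetURL, it is worth asserting in a test that no page you expect to stay protected falls inside it. The following is an added example, not part of this library's documentation: the class PermitAllAudit, its openedPaths helper and the stand-in matcher are hypothetical, and it assumes spring-test is on the classpath for MockHttpServletRequest. In a real test, pass samlConfigurerBean.endpointsMatcher() instead of the stand-in.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

// Hypothetical audit helper (added example, not library code).
public class PermitAllAudit {

    /** Returns every candidate path that the matcher accepts for a GET request. */
    static List<String> openedPaths(RequestMatcher matcher, List<String> candidates) {
        List<String> opened = new ArrayList<>();
        for (String path : candidates) {
            MockHttpServletRequest request = new MockHttpServletRequest("GET", path);
            // Ant-style matchers read the servlet path, so set it as well as the URI.
            request.setServletPath(path);
            if (matcher.matches(request)) {
                opened.add(path);
            }
        }
        return opened;
    }

    public static void main(String[] args) {
        // Constructed stand-in for endpointsMatcher(), built from two URLs of the
        // sample configuration. Assumption: defaultSuccessURL("/home") is what the
        // documented list calls defaultTargetURL.
        RequestMatcher standIn = new OrRequestMatcher(
                new AntPathRequestMatcher("/home"),
                new AntPathRequestMatcher("/idpselection"));

        // Pages the application expects to be reachable only after SAML login.
        List<String> mustStayProtected = Arrays.asList("/home", "/protected", "/admin");

        List<String> exposed = openedPaths(standIn, mustStayProtected);
        if (exposed.isEmpty()) {
            System.out.println("No protected page is opened by the matcher.");
        } else {
            // With the stand-in above this reports [/home].
            System.out.println("permitAll() on this matcher would expose: " + exposed);
        }
    }
}
```

If a page that renders user data shows up in the result, point the SAML success URL at a page that is safe to serve without a session, or add an explicit authenticated() rule for it ahead of the permitAll() rule.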
Copyright © 2018. All rights reserved.