Spring安全性:从SiteMinder中排除URL?

内容来源于 Stack Overflow,并遵循CC BY-SA 3.0许可协议进行翻译与使用

  • 回答 (2)
  • 关注 (0)
  • 查看 (285)

我使用Java Congifration:

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

    // for class CustomUserDetailsService I configured how I get the list of 
    // user authorities with the content of SM_USER header

    userDetailsService = new CustomUserDetailsService();
    UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> wrapper = new UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken>(
            userDetailsService);

    preAuthenticatedProvider = new PreAuthenticatedAuthenticationProvider();
    preAuthenticatedProvider.setPreAuthenticatedUserDetailsService(wrapper);
    auth.authenticationProvider(preAuthenticatedProvider);


    log.debug("global security configuration was successfull");
}

然后我为不同的URL添加权限:

@Override
protected void configure(HttpSecurity http) throws Exception {      

    RequestHeaderAuthenticationFilter siteMinderFilter = new RequestHeaderAuthenticationFilter();
    siteMinderFilter.setPrincipalRequestHeader("SM_USER");
    siteMinderFilter.setAuthenticationManager(authenticationManager());   
    http.addFilter(siteMinderFilter);
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.authorizeRequests();
//adding an authority to URL containing SM_USEr_URL
    registry.antMatchers(HttpMethod.GET, "**/SM_USER_URL/**").hasAuthority("authority1"); 

//here I try to exclude the URL from Siteminder.
    registry.antMatchers(HttpMethod.GET, "**/ExcludedPage/**").permitAll();
}

我的问题是,对于ExcludedPageURL的请求,除了以下例外,我什么也没有得到:

    org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.

我不知道我怎么能为这个不需要任何SM的页面设置过滤器_所有的用户头。

提问于
用户回答回答于

添加

http.antMatcher(SM_USER_URL).addFilter(siteMinderFilter); 
用户回答回答于

试一试:

@Override
protected void configure(HttpSecurity http) throws Exception {      

    RequestHeaderAuthenticationFilter siteMinderFilter = new RequestHeaderAuthenticationFilter();
    siteMinderFilter.setPrincipalRequestHeader("SM_USER");
    siteMinderFilter.setAuthenticationManager(authenticationManager()); 
  ->siteMinderFilter.setExceptionIfHeaderMissing(false);
    ...

扫码关注云+社区

领取腾讯云代金券