我有一个关于Spring Security和SiteMinder的问题。
通常,我对所有页面的所有请求都使用SM_USER头,但这一次我需要排除一个SM_USER :它将发送一个没有URL头的请求。
我使用Java Congifuration:
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
// for class CustomUserDetailsService I configured how I get the list of
// user authorities with the content of SM_USER header
userDetailsService = new CustomUserDetailsService();
UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> wrapper = new UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken>(
userDetailsService);
preAuthenticatedProvider = new PreAuthenticatedAuthenticationProvider();
preAuthenticatedProvider.setPreAuthenticatedUserDetailsService(wrapper);
auth.authenticationProvider(preAuthenticatedProvider);
log.debug("global security configuration was successfull");
}
然后我为不同的URL添加权限:
@Override
protected void configure(HttpSecurity http) throws Exception {
RequestHeaderAuthenticationFilter siteMinderFilter = new RequestHeaderAuthenticationFilter();
siteMinderFilter.setPrincipalRequestHeader("SM_USER");
siteMinderFilter.setAuthenticationManager(authenticationManager());
http.addFilter(siteMinderFilter);
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.authorizeRequests();
//adding an authority to URL containing SM_USEr_URL
registry.antMatchers(HttpMethod.GET, "**/SM_USER_URL/**").hasAuthority("authority1");
//here I try to exclude the URL from Siteminder.
registry.antMatchers(HttpMethod.GET, "**/ExcludedPage/**").permitAll();
}
我的问题是,对于对ExcludedPage URL的请求,除了异常之外,我什么也得不到:
org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
我不知道我如何才能真正为这个页面设置过滤器,它根本不需要任何SM_USER头。
提前谢谢你。
https://stackoverflow.com/questions/34204161
复制相似问题