spring - Spring Security SAML SSO 重定向到控制器

问题描述

在 IdP 启动的设置中使用代码片段重定向到控制器 (/bootstrap/v1)：

public SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler() {
    SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successRedirectHandler.setDefaultTargetUrl("/bootstrap/v1");
    return successRedirectHandler;
}

控制器代码片段：

public class BootstrapController extends ParentController {

    @RequestMapping(value = "/v1", method = RequestMethod.POST)
    public ResponseEntity<BootstrapResponseDto> bootstrap(@RequestBody BootstrapRequestDto bootstrapRequestDto, @RequestHeader(value = "MAC-ADDRESS", required = false) String macAddress) {

        myAppUserDetails userDetails = SecurityContextUtils.getUserDetails();

        BootstrapResponseDto bootstrapResponseDto = new BootstrapResponseDto();

        // some app specific logic goes here...

        return new ResponseEntity<>(bootstrapResponseDto, HttpStatus.OK);
    }
}

调试级别日志片段：

11-29-2018 13:33:53 e7a5edb2-4051-4132-bad0-856d58af1c7d ZDJhMWExYWUtZTAxNy00NDQwLWJmOTctNzcyNTJlOWUyNmQ2 信息 http-nio-8080-exec-6 Spring 安全调试器：

---

收到 POST '/saml/SSO' 的请求：

org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper@28cc5b21

servletPath:/saml/SSO pathInfo:null headers: host: localhost:8080 user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:63.0) Gecko/20100101 Firefox/63.0 accept: text/html,application/ xhtml+xml,application/xml;q=0.9, / ;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate content-type: application/x-www-form-urlencoded内容长度：11320 dnt：1 连接：保持活动 cookie：JSESSIONID=ZDJhMWExYWUtZTAxNy00NDQwLWJmOTctNzcyNTJlOWUyNmQ2 升级不安全请求：1

安全过滤器链： [ MetadataGeneratorFilter
WebAsyncManagerIntegrationFilter SecurityContextPersistenceFilter
CustomLogFilter HeaderWriterFilter LogoutFilter
UsernamePasswordAuthenticationFilter BasicAuthenticationFilter
FilterChainProxy RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter SessionManagementFilter
ExceptionTranslationFilter FilterSecurityInterceptor ]

---

2018 年 11 月 29 日 13:33:53 e7a5edb2-4051-4132-bad0-856d58af1c7d 信息 http-nio-8080-exec-6 oocbsSAMLProtocolMessageXMLSignatureSecurityPolicyRule：协议消息签名验证成功，消息类型：{urn:oasis:names:tc: SAML:2.0:protocol}响应 11-29-2018 13:33:53 e7a5edb2-4051-4132-bad0-856d58af1c7d ZDJhMWExYWUtZTAxNy00NDQwLWJmOTctNzcyNTJlOWUyNmQ2 INFO http-nio-8080-exec-7 Spring Security 调试器：

---

收到 GET '/bootstrap/v1' 的请求：

org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper@5f9e2aff

servletPath:/bootstrap/v1 pathInfo:null headers: host: localhost:8080 user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:63.0) Gecko/20100101 Firefox/63.0 accept: text/html,application/ xhtml+xml,application/xml;q=0.9, / ;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate dnt: 1 connection: keep-alive cookie: JSESSIONID=ZDJhMWExYWUtZTAxNy00NDQwLWJmOTctNzcyNTJlOWUyNmQ2升级不安全请求：1

安全过滤器链： [ MetadataGeneratorFilter
WebAsyncManagerIntegrationFilter SecurityContextPersistenceFilter
CustomLogFilter HeaderWriterFilter LogoutFilter
UsernamePasswordAuthenticationFilter BasicAuthenticationFilter
FilterChainProxy RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter SessionManagementFilter
ExceptionTranslationFilter FilterSecurityInterceptor ]

---

2018 年 11 月 29 日 13:33:53 e7a5edb2-4051-4132-bad0-856d58af1c7d 警告 http-nio-8080-exec-7 oswsPageNotFound：不支持请求方法“GET”

ExpiringUsernameAuthenticationToken 设置为返回：

org.springframework.security.providers.ExpiringUsernameAuthenticationToken@fee70636：主体：com.<my-company>.security.authentication.@325fcf8b；凭证：[受保护]；已认证：真实；详细信息：空；授予权限：authority_1、authority_2、authority_3、authority_4

所以，我猜我的 SAML 验证和用户身份验证和授权很好。

似乎我面临的问题是 HTTP GET 无法正常工作。

如何配置和提交 HTTP POST？或者我应该重构我的控制器来处理行为（这可能会破坏基于表单的登录，这也是应用程序身份验证的一部分）？

HTTP 状态 405 - 方法不允许错误

标签： springspring-securitysamlsaml-2.0spring-saml