Filter

过滤器类 org.mitre.openid.connect.client.OIDCAuthenticationFilter 可处理所有核心 RP 功能。 示例中它被设置在应用路由 /openid_connect_login 上。

过滤器 bean 的配置如下:

<security:http auto-config="false" use-expressions="true"
        disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
        pattern="/**">
    <security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
    <security:logout logout-url="/j_spring_security_logout"  delete-cookies="JSESSIONID" />
</security:http>

<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="issuerService" ref="staticIssuerService" />
    <property name="serverConfigurationService" ref="staticServerConfigurationService" />
    <property name="clientConfigurationService" ref="staticClientConfigurationService" />
    <property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
    <property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />        
</bean>

<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <property name="loginFormUrl" value="/openid_connect_login" />
</bean>

具体参数说明如下:

issuerService:确定要连接的 OP。

serverConfigurationService:提供 OP 的配置参数。

clientConfigurationService:提供此 RP 连接到 OP 的配置参数。

authRequestOptionsService:提供要发送到授权端点的一组可选参数值。

authRequestUrlBuilder:用于将用户重定向到 OP 的URL。

results matching ""

    No results matching ""