
OpenSAML 2 to 3 migration: how do I do the authentication redirect?

Danny Lo · 7 years ago

    I updated the opensaml dependency in my project from 2.6.5 to 3.3.0 and successfully migrated most of the code, including the library initialization. The last method I can't migrate is the one responsible for the authentication redirect. This is how it is implemented with OpenSAML 2:

    // OpenSAML 2.x imports this method relies on:
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.opensaml.common.SAMLObjectBuilder;
    import org.opensaml.common.binding.SAMLMessageContext;
    import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
    import org.opensaml.saml2.core.AuthnRequest;
    import org.opensaml.saml2.metadata.AssertionConsumerService;
    import org.opensaml.saml2.metadata.Endpoint;
    import org.opensaml.ws.message.MessageContext;
    import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
    import org.opensaml.xml.Configuration;
    import org.opensaml.xml.XMLObjectBuilderFactory;

    @SuppressWarnings("unchecked") // getBuilder() returns a raw builder, so the cast is unchecked
    private void doAuthenticationRedirect(HttpServletRequest request, HttpServletResponse response) throws Exception {
        AuthnRequest authnRequest = buildAuthnRequestObject();

        // 2.x wraps the servlet response in a transport adapter for the encoder
        HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(response, true);

        responseAdapter.setStatusCode(HttpServletResponse.SC_MOVED_TEMPORARILY);

        SAMLMessageContext<?, AuthnRequest, ?> context = makeSamlMessageContext();

        XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();

        SAMLObjectBuilder<Endpoint> endpointBuilder = (SAMLObjectBuilder<Endpoint>) builderFactory
                .getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME);

        // The IdP URL the browser is redirected to; the encoder reads it from the peer endpoint
        Endpoint samlEndpoint = endpointBuilder.buildObject();
        samlEndpoint.setLocation(dao.loadString((this.getClass().getName() + "_IDPRedirectURL")));

        String uuid = UUIDBuilder.createUUID().toString();
        context.setRelayState(uuid);

        context.setPeerEntityEndpoint(samlEndpoint);
        context.setOutboundSAMLMessage(authnRequest);
        context.setOutboundMessageTransport(responseAdapter);

        // Deflate + base64 + URL-encode the request and send the 302 via the transport
        HTTPRedirectDeflateEncoder httpRedirectDeflateEncoder = new HTTPRedirectDeflateEncoder();
        httpRedirectDeflateEncoder.encode((MessageContext) context);
    }
    

    I'm having a hard time migrating it because this part of the library seems to have been refactored heavily, but there is not much documentation about it. Message API Refactoring gave me some abstract information that I can't really apply to my particular case, and I couldn't find any suitable examples. Could someone help me with this task?

1 Answer

mpulcini · 7 years ago

    // OpenSAML 3.x imports this method relies on (note the new package layout):
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.opensaml.core.xml.XMLObjectBuilderFactory;
    import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
    import org.opensaml.messaging.context.MessageContext;
    import org.opensaml.saml.common.SAMLObject;
    import org.opensaml.saml.common.SAMLObjectBuilder;
    import org.opensaml.saml.common.binding.SAMLBindingSupport;
    import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
    import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
    import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
    import org.opensaml.saml.saml2.core.AuthnRequest;
    import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
    import org.opensaml.saml.saml2.metadata.Endpoint;

    @SuppressWarnings("unchecked") // getBuilder() returns XMLObjectBuilder<?>, so the cast is unchecked
    private void doAuthenticationRedirect(HttpServletRequest request, HttpServletResponse response) throws Exception {
      AuthnRequest authnRequest = buildAuthnRequestObject(); // assume this is your method

      // No response adapters needed anymore; the response now gets set directly on the encoder
      response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);

      // check your makeSamlMessageContext() method to see if any other properties on messageContext need to be set here
      MessageContext<SAMLObject> messageContext = new MessageContext<>();
      messageContext.setMessage(authnRequest);

      // This moved out of the Configuration class
      XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();

      SAMLObjectBuilder<Endpoint> endpointBuilder =
          (SAMLObjectBuilder<Endpoint>) builderFactory.getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME);

      Endpoint samlEndpoint = endpointBuilder.buildObject();
      samlEndpoint.setLocation(dao.loadString((this.getClass().getName() + "_IDPRedirectURL")));

      String uuid = UUIDBuilder.createUUID().toString(); // Assume this is your class

      // RelayState is now set via this helper method, or it can be performed via:
      // messageContext.getSubcontext(SAMLBindingContext.class, true).setRelayState(uuid);
      SAMLBindingSupport.setRelayState(messageContext, uuid);

      // Endpoint is now set via subcontexts (the boolean creates the subcontext if it is missing)
      SAMLPeerEntityContext peerEntityContext = messageContext.getSubcontext(SAMLPeerEntityContext.class, true);
      SAMLEndpointContext endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true);
      endpointContext.setEndpoint(samlEndpoint);

      // MessageContext and HttpServletResponse now get set directly on the encoder;
      // initialize() must be called before encode() in 3.x
      HTTPRedirectDeflateEncoder httpRedirectDeflateEncoder = new HTTPRedirectDeflateEncoder();
      httpRedirectDeflateEncoder.setMessageContext(messageContext);
      httpRedirectDeflateEncoder.setHttpServletResponse(response);
      httpRedirectDeflateEncoder.initialize();
      httpRedirectDeflateEncoder.encode();
    }
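A fuller OpenSAML 3.3 version of the same redirect, added here as an example; it is not code from the question or from the answer above. It fills in the parts both snippets assume (buildAuthnRequestObject(), the IdP endpoint, the RelayState) and adds two things a service provider should not leave out: the request ID and RelayState are kept in the session so the ACS handler can reject responses that were never solicited, and the request is signed with the redirect binding's SigAlg/Signature query parameters when a credential is supplied. The entity IDs and URLs, the class name SamlRedirectExample, the session attribute names and the signing-credential parameter are assumptions. The IdP endpoint is modelled as a SingleSignOnService rather than the AssertionConsumerService used above, since that is the metadata element for the IdP side; the encoder only reads the endpoint's Location either way.

```java
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
import org.joda.time.DateTime;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.opensaml.xmlsec.signature.support.SignatureConstants;

public class SamlRedirectExample { // assumed class name; not from the original post
    // Assumed SP/IdP values; replace with your own configuration.
    static final String SP_ENTITY_ID = "https://sp.example.com/saml/metadata";
    static final String SP_ACS_URL = "https://sp.example.com/saml/acs";
    static final String IDP_SSO_URL = "https://idp.example.com/saml2/redirect";

    private static XMLObjectBuilderFactory builders;

    // One-time library bootstrap, the 3.x replacement for DefaultBootstrap.bootstrap().
    static synchronized void init() throws Exception {
        if (builders == null) {
            InitializationService.initialize();
            builders = XMLObjectProviderRegistrySupport.getBuilderFactory();
        }
    }

    @SuppressWarnings("unchecked")
    static <T extends SAMLObject> T build(QName name) {
        return ((SAMLObjectBuilder<T>) builders.getBuilder(name)).buildObject();
    }

    // Minimal SP-initiated AuthnRequest; the caller chooses the ID so it can be remembered.
    static AuthnRequest buildAuthnRequest(String id) {
        AuthnRequest req = build(AuthnRequest.DEFAULT_ELEMENT_NAME);
        req.setID(id);
        req.setIssueInstant(new DateTime());
        req.setDestination(IDP_SSO_URL);
        req.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);
        req.setAssertionConsumerServiceURL(SP_ACS_URL);
        Issuer issuer = build(Issuer.DEFAULT_ELEMENT_NAME);
        issuer.setValue(SP_ENTITY_ID);
        req.setIssuer(issuer);
        return req;
    }

    // signingCredential (assumed parameter): the SP signing key, e.g. loaded from a keystore;
    // null sends an unsigned request for IdPs that do not require AuthnRequest signatures.
    static void doAuthenticationRedirect(HttpServletRequest request, HttpServletResponse response,
                                         Credential signingCredential) throws Exception {
        init();
        String requestId = "_" + UUID.randomUUID();       // an xs:ID may not start with a digit
        String relayState = UUID.randomUUID().toString(); // opaque; the spec caps it at 80 bytes
        // Keep both server-side so the ACS handler can reject a Response whose InResponseTo
        // or RelayState was never issued to this session (unsolicited or replayed responses).
        request.getSession(true).setAttribute("saml.authnRequestId", requestId); // assumed names
        request.getSession().setAttribute("saml.relayState", relayState);

        MessageContext<SAMLObject> ctx = new MessageContext<>();
        ctx.setMessage(buildAuthnRequest(requestId));
        SAMLBindingSupport.setRelayState(ctx, relayState);

        // The IdP side of SSO is a SingleSignOnService; the encoder reads only its Location.
        SingleSignOnService sso = build(SingleSignOnService.DEFAULT_ELEMENT_NAME);
        sso.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
        sso.setLocation(IDP_SSO_URL);
        ctx.getSubcontext(SAMLPeerEntityContext.class, true)
           .getSubcontext(SAMLEndpointContext.class, true)
           .setEndpoint(sso);

        // With signing parameters in a SecurityParametersContext, the redirect encoder adds the
        // SigAlg and Signature query parameters (the redirect binding's detached signature).
        if (signingCredential != null) {
            SignatureSigningParameters params = new SignatureSigningParameters();
            params.setSigningCredential(signingCredential);
            params.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
            ctx.getSubcontext(SecurityParametersContext.class, true)
               .setSignatureSigningParameters(params);
        }

        HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
        encoder.setMessageContext(ctx);
        encoder.setHttpServletResponse(response);
        encoder.initialize();
        encoder.encode(); // deflate, base64, URL-encode, then 302 to IDP_SSO_URL?SAMLRequest=...
    }
}
```

Call doAuthenticationRedirect(request, response, credential) from the servlet or filter that starts login. On the way back, the ACS handler should compare the Response's InResponseTo with the stored saml.authnRequestId and the posted RelayState with saml.relayState, then clear both attributes, so a single request can only be answered once. The 302 status does not need to be set by hand in 3.x: encode() ends in sendRedirect() on the servlet response.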