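This is caused by using a FilterChainProxy after the SecurityContextPersistenceFilter. In particular, the HttpFirewall of the FilterChainProxy is replacing the HttpServletResponse with one from DefaultHttpFirewall that no longer implements SavedRequest. To work around this, you can inject a custom HttpFirewall into the samlFilter FilterChainProxy that returns the same HttpServletResponse that is passed into it. For example: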
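
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.web.firewall.FirewalledRequest;
    import org.springframework.security.web.firewall.HttpFirewall;
    import org.springframework.security.web.firewall.RequestRejectedException;

    public class DonothingHttpFirewall implements HttpFirewall {

        // Wrap the request without applying any checks to it.
        public FirewalledRequest getFirewalledRequest(HttpServletRequest request)
                throws RequestRejectedException {
            return new MyFirewalledRequest(request);
        }

        // Return the very same response object, so the wrapper type installed
        // by SecurityContextPersistenceFilter stays visible downstream.
        public HttpServletResponse getFirewalledResponse(HttpServletResponse response) {
            return response;
        }

        private static class MyFirewalledRequest extends FirewalledRequest {
            MyFirewalledRequest(HttpServletRequest r) {
                super(r);
            }

            public void reset() {}
        }
    }

You can then wire it up using the following: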
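
    <bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
        <security:filter-chain-map request-matcher="ant">
            <security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint"/>
            <security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter"/>
        </security:filter-chain-map>
        <property name="firewall">
            <!-- use the fully qualified name of the DonothingHttpFirewall class above -->
            <bean class="DonothingHttpFirewall"/>
        </property>
    </bean>
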
I have logged a ticket to make this work transparently in the future: https://jira.spring.io/browse/SEC-2578
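
A variant of the workaround above, added here as an example and not part of the original answer or of Spring Security itself: it still hands back the response unwrapped, but delegates request handling to DefaultHttpFirewall so the request-side rejection of non-normalized URLs is kept. The class name `ResponsePassThroughHttpFirewall` and the `samlFilter(...)` helper are hypothetical; the code assumes Spring Security 3.2+ package names and the `javax.servlet` API.

```java
import java.util.Arrays;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.firewall.DefaultHttpFirewall;
import org.springframework.security.web.firewall.FirewalledRequest;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.RequestRejectedException;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Hypothetical class: keeps the request firewall, passes the response through.
public class ResponsePassThroughHttpFirewall implements HttpFirewall {

    private final HttpFirewall requestFirewall;

    public ResponsePassThroughHttpFirewall() {
        this(new DefaultHttpFirewall());
    }

    public ResponsePassThroughHttpFirewall(HttpFirewall requestFirewall) {
        this.requestFirewall = requestFirewall;
    }

    // Request checks stay in force: the delegate may throw RequestRejectedException.
    @Override
    public FirewalledRequest getFirewalledRequest(HttpServletRequest request)
            throws RequestRejectedException {
        return requestFirewall.getFirewalledRequest(request);
    }

    // Same object in, same object out, so the response wrapper installed by
    // SecurityContextPersistenceFilter is still recognisable further down.
    @Override
    public HttpServletResponse getFirewalledResponse(HttpServletResponse response) {
        return response;
    }

    // Java-config equivalent of the XML wiring (filter arguments are the SAML beans).
    public static FilterChainProxy samlFilter(Filter samlEntryPoint,
                                              Filter samlWebSSOProcessingFilter) {
        FilterChainProxy proxy = new FilterChainProxy(Arrays.<SecurityFilterChain>asList(
            new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint),
            new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"), samlWebSSOProcessingFilter)));
        proxy.setFirewall(new ResponsePassThroughHttpFirewall());
        return proxy;
    }
}
```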



