问题
In my project I am using Java, Spring security with the SAML extension. I have a need to display the SAML token to my logs when errors occur. I have overridden SimpleUrlAuthenticationFailureHandler and have provided my own implementation. I can examine the type of exception by looking at the object passed to
public void onAuthenticationFailure(HttpServletRequest request,
HttpServletResponse response, AuthenticationException exception)
How can I retrieve the SAML token from within the body of the onAuthenticationFailure method? The onAuthenticationFailure method is my central place to deal with errors. I want to display the SAML token in my log. I have tried statically retrieving the Authentication object:
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
I was hoping to get the SAMLCredential from the Authentication object, but the above returns null for the Authentication object.
Another thing I've tried is overriding AuthenticationException and adding a custom String attribute to contain the token. The AuthenticationException is meant to be overridden to provide this kind of customization. This works only partly. I can throw my custom exceptions "after" the Spring/SAML API calls my loadUserBySAML(...) method during authentication. I would be able to store the token within my custom exception and reference it later. This works for some types of exceptions like user not found.
However, if something goes wrong before the call to loadUserBySAML (i.e. bad certificate or digest failure) , I don't have an opportunity to throw my own custom exceptions unless I override more of the Spring/SAML built-in classes. I would rather not override too many these classes especially only for logging. I'm looking for something simpler.
Is there another technique I have missed to retrieve the SAML token within the context of the onAuthenticationFailure method?
回答1:
You can autowire SAMLContextProvide in the class and get the token like follows:
@Autowired
public SAMLContextProvider contextProvider;
then in the method:
try {
SAMLMessageContext context = contextProvider.getLocalEntity(request, response);
processor.retrieveMessage(context);
SAMLAuthenticationToken token = new SAMLAuthenticationToken(context);
SAMLMessageContext credentials = token.getCredentials();
//credentials.getPeerEntityId(); // e.g. for getting IdP entity ID
} catch (Exception e) {
errorMsg = e.getMessage();
}
``
来源:https://stackoverflow.com/questions/45639065/spring-saml-authentication-failure-handler-and-logging