WEB项目基于ADFS做了SSO,借助与Spring security saml 1.0.4 完成的配置,配置完成后,发现WEB项目发布的API接口,别的系统却无法调成功,分析原因应该是接口请求也被SSO拦截了,如何配置spring的拦截排除系统发布的api接口请求 即https://XXXXXX/openapi 一类的请求,实现接口调用不需要SSO认证。求大神指点
web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/securityContext.xml
</param-value>
</context-param>
<servlet>
<servlet-name>saml</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>saml</servlet-name>
<url-pattern>/saml/web/*</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
spring--delegatingFilterProxy.java
protected void initFilterBean()
/* / throws ServletException
/ / {
/ 224 / synchronized (this.delegateMonitor) {
/ 225 / if (this.delegate == null)
/ / {
/ 227 / if (this.targetBeanName == null) {
/ 228 / this.targetBeanName = getFilterName();
/ / }
/ /
/ 234 / WebApplicationContext wac = findWebApplicationContext();
/ 235 / if (wac != null)
/ 236 / this.delegate = initDelegate(wac);
/ / }
/ / }
/ / }
/ /
/ / public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
/ / throws ServletException, IOException
/ / {
/ 246 / Filter delegateToUse = null;
/ 247 / synchronized (this.delegateMonitor) {
/ 248 / if (this.delegate == null) {
/ 249 / WebApplicationContext wac = findWebApplicationContext();
/ 250 / if (wac == null) {
/ 251 / throw new IllegalStateException("No WebApplicationContext found: no ContextLoaderListener registered?");
/ / }
/ 253 / this.delegate = initDelegate(wac);
/ / }
/ 255 / delegateToUse = this.delegate;
/ / }
/ /
/ 259 / invokeDelegate(delegateToUse, request, response, filterChain);
/ / }
/ /
/ / public void destroy()
/ / {
/ 264 / Filter delegateToUse = null;
/ 265 / synchronized (this.delegateMonitor) {
/ 266 / delegateToUse = this.delegate;
/ / }
/ 268 / if (delegateToUse != null)
/ 269 / destroyDelegate(delegateToUse);
/ / }
/ /
/ / protected WebApplicationContext findWebApplicationContext()
/ / {
/ 292 / if (this.webApplicationContext != null)
/ / {
/ 294 / if (((this.webApplicationContext instanceof ConfigurableApplicationContext)) &&
/ 295 / (!((ConfigurableApplicationContext)this.webApplicationContext).isActive()))
/ / {
/ 297 / ((ConfigurableApplicationContext)this.webApplicationContext).refresh();
/ / }
/ /
/ 300 / return this.webApplicationContext;
/ / }
/ 302 / String attrName = getContextAttribute();
/ 303 / if (attrName != null) {
/ 304 / return WebApplicationContextUtils.getWebApplicationContext(getServletContext(), attrName);
/ / }
/ /
/ 307 / return WebApplicationContextUtils.getWebApplicationContext(getServletContext());
/ / }
/ /
/ / protected Filter initDelegate(WebApplicationContext wac)
/ / throws ServletException
/ / {
/ 326 / Filter delegate = (Filter)wac.getBean(getTargetBeanName(), Filter.class);
/ 327 / if (isTargetFilterLifecycle()) {
/ 328 / delegate.init(getFilterConfig());
/ / }
/ 330 / return delegate;
/ / }
/ /
/ / protected void invokeDelegate(Filter delegate, ServletRequest request, ServletResponse response, FilterChain filterChain)
/ / throws ServletException, IOException
/ / {
/ 346 / delegate.doFilter(request, response, filterChain);
/ */ }