我目前正在开发一个使用 Spring 的 SAML2 安全模块的项目。该项目正在使用旧的、已停产的版本,
spring-security-saml2-core 1.0.10.RELEASEspring-security-saml2-service-provider 6.1.3我能够迁移大多数组件和服务,但与密钥管理相关的类除外,特别是
JKSKeyManagerKeyManager我正在寻找
spring-security-saml2-service-provider 6.1.3JKSKeyManagerKeyManager您可以按如下方式配置您的
RelyingPartyRegistrationRepository@Bean
public RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
//Here I read a jks file but you can replace the default type with "PKCS12" for example
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char[] pwd = keyStorePassword.toCharArray();
Resource keystoreRes = new ClassPathResource(keyStoreLocation);
ks.load(keystoreRes.getInputStream(), pwd);
//Fetch the private key contained in the jks file
PrivateKey privateRSAKey = (PrivateKey) ks.getKey(keyStoreAlias, keyStorePassword.toCharArray());
//Fetch the cerrtificate contained in the jks file
X509Certificate cert = (X509Certificate) ks.getCertificate(keyStoreAlias);
//Give your certificate to spring relying party bean
RelyingPartyRegistration registration = RelyingPartyRegistrations
.fromMetadataLocation(assertingPartyMetadataLocation)
.registrationId("example")
.signingX509Credentials((c) -> c.add(Saml2X509Credential.signing(privateRSAKey, cert)))
.decryptionX509Credentials((c) -> c.add(Saml2X509Credential.decryption(privateRSAKey, cert)))
.build();
return new InMemoryRelyingPartyRegistrationRepository(registration);
}
我也没有找到任何关于 spring 的文档来做到这一点。 这段代码可以读取您的密钥库文件,但是单独使 saml 与 spring security 6 一起工作还不够。我建议您参考此文档来实现您的过滤器以及与此
RelyingPartyRegistrationRepository