增加配置项，支持LB方式集成saml或者单服务模式

pom.xml

@@ -21,13 +21,13 @@
         <!--<java.version>1.8</java.version>-->
         <spring-cloud.version>Finchley.RELEASE</spring-cloud.version>
     </properties>
-    <repositories>
-        <repository>
-            <id>keymobile</id>
-            <name>keymobile</name>
-            <url>http://139.198.127.28:18081/repository/maven-public/</url>
-        </repository>
-    </repositories>
+<!--    <repositories>-->
+<!--        <repository>-->
+<!--            <id>keymobile</id>-->
+<!--            <name>keymobile</name>-->
+<!--            <url>http://139.198.127.28:18081/repository/maven-public/</url>-->
+<!--        </repository>-->
+<!--    </repositories>-->
     <dependencies>
         <dependency>
             <groupId>com.github.ulisesbocchio</groupId>

src/main/java/com/keymobile/login/saml/ContextProperties.java

+package com.keymobile.login.saml;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@ConfigurationProperties("demo.saml.context.provider")
+@Configuration
+public class ContextProperties {
+
+    public ContextProperties() {};
+    private String schema;
+    private String serverName;
+    private String contextPath;
+    private int serverPort;
+
+    public String getSchema() {
+        return schema;
+    }
+
+    public void setSchema(String schema) {
+        this.schema = schema;
+    }
+
+    public String getServerName() {
+        return serverName;
+    }
+
+    public void setServerName(String serverName) {
+        this.serverName = serverName;
+    }
+
+    public String getContextPath() {
+        return contextPath;
+    }
+
+    public void setContextPath(String contextPath) {
+        this.contextPath = contextPath;
+    }
+
+    public int getServerPort() {
+        return serverPort;
+    }
+
+    public void setServerPort(int serverPort) {
+        this.serverPort = serverPort;
+    }
+}

src/main/java/com/keymobile/login/saml/SAMLConfig.java

@@ -12,6 +12,7 @@ import org.opensaml.xml.parse.StaticBasicParserPool;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -50,6 +51,9 @@ public class SAMLConfig {
 
     private final SamlProperties samlProperties;
 
+    @Value("${server.context-path:}")
+    private String serverContextPath;
+
     @Autowired
     public SAMLConfig(SAMLUserDetailsServiceImpl samlUserDetailsServiceImpl, SamlProperties samlProperties) {
         this.samlUserDetailsServiceImpl = samlUserDetailsServiceImpl;
@@ -201,7 +205,14 @@ public class SAMLConfig {
         // 如果为true，则生成的元数据将包含扩展名，指示其能够使用来自IDP发现服务的响应。
         generator.setIncludeDiscoveryExtension(false);
         generator.setKeyManager(keyManager);
-        generator.setEntityBaseURL("http://localhost:8089/api/auth");
+        if (samlProperties.getUseLB()) {
+            String schema = samlProperties.getContext().getSchema();
+            String ip = samlProperties.getContext().getServerName();
+            int port = samlProperties.getContext().getServerPort();
+            String contextPath = samlProperties.getContext().getContextPath();
+            String entityBaseURL = String.format("%s://%s:%s%s", schema, ip, port, contextPath);
+            generator.setEntityBaseURL(entityBaseURL);
+        }
         return generator;
     }
 
@@ -214,7 +225,11 @@ public class SAMLConfig {
         filter.setAuthenticationSuccessHandler(successRedirectHandler());
         filter.setAuthenticationFailureHandler(authenticationFailureHandler());
         // 在 IDP 登录后跳转到 SP 的地址，也就是所谓的断言消费者
-        filter.setFilterProcessesUrl("/saml/SSO");
+        String ssoProcessUrl = "/saml/SSO";
+        if (StringUtils.isNotBlank(serverContextPath)) {
+            ssoProcessUrl = serverContextPath + ssoProcessUrl;
+        }
+        filter.setFilterProcessesUrl(ssoProcessUrl);
         return filter;
     }
 
@@ -231,7 +246,7 @@ public class SAMLConfig {
     public SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler() {
         SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
         handler.setAlwaysUseDefaultTargetUrl(true);
-        handler.setDefaultTargetUrl("http://localhost:8089/center-home/menu/index");
+        handler.setDefaultTargetUrl(samlProperties.getSuccessTargetUrl());
         return handler;
     }
 

src/main/java/com/keymobile/login/saml/SAMLConfigDefaults.java

@@ -2,6 +2,7 @@ package com.keymobile.login.saml;
 
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.saml.SAMLBootstrap;
@@ -26,18 +27,47 @@ public class SAMLConfigDefaults {
         return new ParserPoolHolder();
     }
 
+    @Autowired
+    private  SamlProperties samlProperties;
+
+//    @Bean
+//    public SAMLContextProviderLB contextProvider() {
+//        SAMLContextProviderLB samlContextProviderLB = new SAMLContextProviderLB();
+//        samlContextProviderLB.setScheme(samlProperties.getContext().getSchema());
+//        samlContextProviderLB.setServerName(samlProperties.getContext().getServerName());
+//        samlContextProviderLB.setContextPath(samlProperties.getContext().getContextPath());
+//        samlContextProviderLB.setServerPort(samlProperties.getContext().getServerPort());
+//        samlContextProviderLB.setIncludeServerPortInRequestURL(true);
+//        return samlContextProviderLB;
+//    }
+
     @Bean
-    public SAMLContextProviderLB contextProvider() {
-        SAMLContextProviderLB samlContextProviderLB = new SAMLContextProviderLB();
-        samlContextProviderLB.setScheme("http");
-        samlContextProviderLB.setServerName("localhost");
-        samlContextProviderLB.setServerPort(8089);
-        samlContextProviderLB.setContextPath("/api/auth");
-        samlContextProviderLB.setIncludeServerPortInRequestURL(true);
-        return samlContextProviderLB;
+    public SAMLContextProviderImpl contextProvider() {
+        if (samlProperties.getUseLB()) {
+            SAMLContextProviderLB samlContextProviderLB = new SAMLContextProviderLB();
+            samlContextProviderLB.setScheme(samlProperties.getContext().getSchema());
+            samlContextProviderLB.setServerName(samlProperties.getContext().getServerName());
+            samlContextProviderLB.setContextPath(samlProperties.getContext().getContextPath());
+            samlContextProviderLB.setServerPort(samlProperties.getContext().getServerPort());
+            samlContextProviderLB.setIncludeServerPortInRequestURL(true);
+            return samlContextProviderLB;
+        } else {
+            return new SAMLContextProviderImpl();
+        }
     }
 
 //    @Bean
+//    public SAMLContextProviderLB contextProvider() {
+//        SAMLContextProviderLB samlContextProviderLB = new SAMLContextProviderLB();
+//        samlContextProviderLB.setScheme("http");
+//        samlContextProviderLB.setServerName("localhost");
+//        samlContextProviderLB.setServerPort(8089);
+//        samlContextProviderLB.setContextPath("/api/auth");
+//        samlContextProviderLB.setIncludeServerPortInRequestURL(true);
+//        return samlContextProviderLB;
+//    }
+
+//    @Bean
 //    public SAMLContextProviderImpl contextProvider() {
 //        return new SAMLContextProviderImpl();
 //    }

src/main/java/com/keymobile/login/saml/SamlProperties.java

 package com.keymobile.login.saml;
 
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.ConfigurationProperties;
-
+import org.springframework.context.annotation.Configuration;
 
 @ConfigurationProperties(prefix = "demo.saml")
 public class SamlProperties {
@@ -38,6 +39,38 @@ public class SamlProperties {
      */
     private char[] keyPassword;
 
+    //配置本身服务相关信息
+    @Autowired
+    private ContextProperties context;
+
+    private String successTargetUrl;
+
+    private Boolean useLB;
+
+    public void setUseLB(Boolean useLB) {
+        this.useLB = useLB;
+    }
+
+    public Boolean getUseLB() {
+        return useLB;
+    }
+
+    public void setSuccessTargetUrl(String successTargetUrl) {
+        this.successTargetUrl = successTargetUrl;
+    }
+
+    public String getSuccessTargetUrl() {
+        return successTargetUrl;
+    }
+
+    public void setContext(ContextProperties context) {
+        this.context = context;
+    }
+
+    public ContextProperties getContext() {
+        return context;
+    }
+
     public boolean useKeyStore() {
         return StringUtils.isNotBlank(keyStore);
     }
@@ -94,3 +127,4 @@ public class SamlProperties {
         this.keyPassword = keyPassword;
     }
 }
+

src/main/resources/application-local.yml

 server:
   port: 8082
+#  context-path: auth
 
 spring:
   application:
@@ -40,4 +41,17 @@ demo:
     publickeyCert: classpath:localhost.cert
    # privateKeyCert: classpath:localhost.key.der
     privateKeyCert: classpath:localhost.key.der
-    keyPassword:
\ No newline at end of file
+    keyPassword:
+    successTargetUrl: http://localhost:8089/center-home/menu/index
+    useLB: true
+    context:
+      provider:
+        schema: http
+        serverName: localhost
+        contextPath: /api/auth
+        serverPort: 8089
+
+
+
+
+

src/main/resources/idp-okta.xml

@@ -14,4 +14,4 @@
 	al2aDAp3OGp/yxMN9JaMlZsVJf9QpHWX3SL0zwnr/N1lSlzP43T13a6kENhCeBjs24iBKafyH1ZG
 	fP6+UQxCVdYyngRKiMKRJmnNf4g5n2i27CMKk+zPTYwVMOzbDQDOTdEHU3u524XwyDDpfC2Nzoll
 	ZyH4lZCjfCQPwm0MCKK+TC8hXiSZ1dMVDTDQ3n+MSmJbgul6TQXX1JCLKYu3Xbj+X1DLjvHgcSa+
-	gucO7vek44zuQ6NlJiCBNZ8HK75ZnBfbfMe/JQ==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://dev-95090549.okta.com/home/dev-95090549_mairuisamldemo_1/0oa67l5t6q5hdrLNV5d7/aln67lcg0a4ZyKKiv5d7"/><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://dev-95090549.okta.com/home/dev-95090549_mairuisamldemo_1/0oa67l5t6q5hdrLNV5d7/aln67lcg0a4ZyKKiv5d7"/></md:IDPSSODescriptor></md:EntityDescriptor>
\ No newline at end of file
+	gucO7vek44zuQ6NlJiCBNZ8HK75ZnBfbfMe/JQ==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://dev-95090549.okta.com/app/dev-95090549_mairuisamldemo_1/exk67l5t6p2UNYn6l5d7/slo/saml"/><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://dev-95090549.okta.com/app/dev-95090549_mairuisamldemo_1/exk67l5t6p2UNYn6l5d7/slo/saml"/><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://dev-95090549.okta.com/app/dev-95090549_mairuisamldemo_1/exk67l5t6p2UNYn6l5d7/sso/saml"/><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://dev-95090549.okta.com/app/dev-95090549_mairuisamldemo_1/exk67l5t6p2UNYn6l5d7/sso/saml"/></md:IDPSSODescriptor></md:EntityDescriptor>
\ No newline at end of file