I am looking for a simple spring security configuration example (preferred Java configuration) on how I can protect my REST services with Spring-Security and SAML.
There is a web application firewall that will only send requests containing a valid SAML token, or otherwise redirect the IDP to receive it. Therefore, I do not need to look if the user is registered or redirects the user, if not, to the IDP.
The only thing I need to do is allow only authenticated requests for all REST services, read the user from the SAML token and verify that the token is associated with Airlock.
Later I need to add ACL support to get more detailed detailed user rights for certain services, but I already lost the first part of the work of integration in spring security. Any help would be appreciated :)
source
share