跳过Spring SAML SSO上的特定路径

在您的security-ApplicationContext.xml文件中，您必须在配置spring-security-saml时映射了类似这样的url：

<!-- Unsecured pages -->
<security:http security="none" pattern="/favicon.ico"/>
<security:http security="none" pattern="/images/**"/>
<security:http security="none" pattern="/css/**"/>
<security:http security="none" pattern="/logout.jsp"/>

<!-- Security for the administration UI -->
<security:http pattern="/saml/web/**" use-expressions="false">
    <security:access-denied-handler error-page="/saml/web/metadata/login"/>
    <security:form-login login-processing-url="/saml/web/login" login-page="/saml/web/metadata/login" default-target-url="/saml/web/metadata"/>
    <security:intercept-url pattern="/saml/web/metadata/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/saml/web/**" access="ROLE_ADMIN"/>
    <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
</security:http>

<!-- Secured pages with SAML as entry point -->
<security:http entry-point-ref="samlEntryPoint" use-expressions="false">
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
    <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
</security:http>

在这里，我们允许图像、css、favicon等无需登录即可使用。因此，如果您希望无需身份验证就可以使用无安全映射列表，请向其添加更多URL。