
Java Spring SAML FilterChainProxy clearing context - null authentication

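I have a Spring Security configuration problem related to Spring SAML2, which causes the authentication to always be null even when the IDP responds successfully.

I am using the spring-security-saml2-core library 1.0.2.RELEASE with spring 4.3.0.RELEASE and spring-security 4.1.0.RELEASE.

I have a simple SP which authenticates via SSO through SSOCircle. The authentication works, and I can see SAMLAuthenticationProvider returning an authenticated user with the granted authorities I expect. So far so good.

Once the authentication completes, though, I step into org.springframework.security.web.FilterChainProxy:180, which invokes the following line:

SecurityContextHolder.clearContext();

I suspect this is the reason why I have a null authentication afterwards.

Below is the Spring Security configuration: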

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    ...

    @Bean
    public SAMLAuthenticationProvider samlAuthenticationProvider() {
        SAMLAuthenticationProvider samlAuthenticationProvider = new SAMLAuthenticationProvider();
        samlAuthenticationProvider.setUserDetails(samlUserMappingService);
        samlAuthenticationProvider.setForcePrincipalAsString(false);
        return samlAuthenticationProvider;
    }

    // Nested FilterChainProxy that routes each /saml/** endpoint to its own filter
    @Bean
    public FilterChainProxy samlFilter() throws Exception {
        List<SecurityFilterChain> chains = new ArrayList<SecurityFilterChain>();

        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint()));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/logout/**"), samlLogoutFilter()));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/metadata/**"),
                metadataDisplayFilter()));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"),
                samlWebSSOProcessingFilter()));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSOHoK/**"),
                samlWebSSOHoKProcessingFilter()));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SingleLogout/**"),
                samlLogoutProcessingFilter()));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"), samlIDPDiscovery()));
        return new FilterChainProxy(chains);
    }

    // samlFilter is placed inside the main Spring Security chain, after BasicAuthenticationFilter
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic().authenticationEntryPoint(samlEntryPoint());
        http.csrf().disable();
        //http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
        http.addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);
        http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/error").permitAll().antMatchers("/saml/**")
                .permitAll().anyRequest().authenticated();
        http.logout().logoutSuccessUrl("/");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(samlAuthenticationProvider()).eraseCredentials(false);

        ...
    }
}
This is the web initialiser:

public class WebInitialiser extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class[] {};
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[] { WebMvcConfig.class};
    }

    @Override
    public void onStartup(ServletContext servletContext) throws ServletException {
        servletContext.addFilter("samlFilter", new DelegatingFilterProxy("samlFilter"))
                .addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), false, "/*");

        super.onStartup(servletContext);
    }

}
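Additional information: I have mainly followed the code in the following repository on GitHub: but I am not using Spring Boot.

The application is deployed on apache-tomcat-8.0.30, and I have also tried apache-tomcat-7.0.37.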

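I found the answer. When initialising the context, the filters were not being registered properly, hence the weird behaviour described above.

The solution was to create a class as follows

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SecurityInitialiser extends AbstractSecurityWebApplicationInitializer {}

and remove the onStartup method from the WebInitialiser class.

The reason this works in Spring Boot is that the filters are scanned and registered automatically.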
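
An added illustration, not part of the original question or answer and not Spring's own code: a dependency-free Java model of why the authentication is lost when only samlFilter is mapped to /*, as in the WebInitialiser above, and kept once the whole security chain is registered. All class and method names are hypothetical; it assumes the outermost FilterChainProxy clears the SecurityContextHolder when the request ends and that a persistence filter, present only in the full chain, is what stores the context in the session.

```java
import java.util.*;
// Simplified model of the filter ordering, not Spring code; every name here is hypothetical.
public class FilterRegistrationModel {
    static final ThreadLocal<String> HOLDER = new ThreadLocal<>(); // stands in for SecurityContextHolder
    interface Filter { void doFilter(Map<String, Object> req, Map<String, String> session, Runnable next); }

    // Like FilterChainProxy: only the outermost proxy on a request clears the holder afterwards.
    static Filter proxy(List<Filter> filters) {
        return (req, session, next) -> {
            boolean outermost = req.putIfAbsent("FILTER_APPLIED", true) == null;
            try { run(filters, 0, req, session, next); }
            finally { if (outermost) { HOLDER.remove(); req.remove("FILTER_APPLIED"); } }
        };
    }

    static void run(List<Filter> fs, int i, Map<String, Object> req, Map<String, String> s, Runnable end) {
        if (i == fs.size()) end.run();
        else fs.get(i).doFilter(req, s, () -> run(fs, i + 1, req, s, end));
    }
    // Like SecurityContextPersistenceFilter: load from the session, store back on the way out.
    static final Filter PERSISTENCE = (req, session, next) -> {
        HOLDER.set(session.get("ctx"));
        try { next.run(); }
        finally { if (HOLDER.get() != null) session.put("ctx", HOLDER.get()); }
    };

    // Like the /saml/SSO processing filter: a successful login fills the holder.
    static final Filter SAML_SSO = (req, session, next) -> {
        if ("/saml/SSO".equals(req.get("path"))) HOLDER.set("saml-user");
        next.run();
    };
    static Map<String, Object> request(String path) {
        Map<String, Object> req = new HashMap<>(); req.put("path", path); return req;
    }
    // Sends the SSO response, then a second request; returns the authentication the second one sees.
    static String authAfterLogin(Filter registered) {
        Map<String, String> session = new HashMap<>();
        registered.doFilter(request("/saml/SSO"), session, () -> {});
        String[] seen = new String[1];
        registered.doFilter(request("/home"), session, () -> seen[0] = HOLDER.get());
        return seen[0];
    }

    public static void main(String[] args) {
        Filter samlFilter = proxy(Arrays.asList(SAML_SSO));               // the question's registration
        Filter fullChain = proxy(Arrays.asList(PERSISTENCE, samlFilter)); // springSecurityFilterChain
        System.out.println("samlFilter mapped alone: " + authAfterLogin(samlFilter));
        System.out.println("full chain registered:   " + authAfterLogin(fullChain));
    }
}
```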
