Java 在Spring Security中将Azure AD配置为IDP


因此,我尝试将Azure AD用作SAML IDP,但在运行期间我不断收到以下错误:

2021-02-05 16:09:16.303 ERROR 3760 --- [nio-8080-exec-9] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP] with root cause

org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP
    at org.springframework.security.saml.metadata.MetadataManager.getDefaultIDP(MetadataManager.java:795) ~[spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
    at org.springframework.security.saml.context.SAMLContextProviderImpl.populatePeerEntityId(SAMLContextProviderImpl.java:157) ~[spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
    at org.springframework.security.saml.context.SAMLContextProviderImpl.getLocalAndPeerEntity(SAMLContextProviderImpl.java:127) ~[spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
    at org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:146) ~[spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
    at org.springframework.security.web.access.ExceptionTranslationFilter.sendStartAuthentication(ExceptionTranslationFilter.java:203) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:177) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:133) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:208) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87) ~[spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) ~[tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) [tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) [tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) [tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) [tomcat-embed-core-8.5.14.jar:8.5.14]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.14.jar:8.5.14]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_271]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_271]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.14.jar:8.5.14]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_271]

2021-02-05 16:09:18.804  INFO 3760 --- [Metadata-reload] .s.m.p.AbstractReloadingMetadataProvider : Next refresh cycle for metadata provider 'file:/C:/Projects/New%20folder/saml-jwt-sample/target/classes/rtw-saml-app-1.xml' will occur on '2021-02-05T15:14:18.804Z' ('2021-02-05T16:14:18.804+01:00' local time)
2021-02-05 16:09:18.804 ERROR 3760 --- [Metadata-reload] o.o.s.m.p.AbstractMetadataProvider       : Metadata provider failed to properly initialize, fail-fast=true, halting

org.opensaml.saml2.metadata.provider.MetadataProviderException: java.lang.NullPointerException
    at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:267) ~[opensaml-2.6.1.jar:na]
    at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.doInitialization(AbstractReloadingMetadataProvider.java:236) ~[opensaml-2.6.1.jar:na]
    at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize(AbstractMetadataProvider.java:407) ~[opensaml-2.6.1.jar:na]
    at org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize(ExtendedMetadataDelegate.java:167) [spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
    at org.springframework.security.saml.metadata.MetadataManager.initializeProvider(MetadataManager.java:412) [spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
    at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:238) [spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
    at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86) [spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
    at org.springframework.security.saml.metadata.MetadataManager$RefreshTask.run(MetadataManager.java:1040) [spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
    at java.util.TimerThread.mainLoop(Timer.java:555) [na:1.8.0_271]
    at java.util.TimerThread.run(Timer.java:505) [na:1.8.0_271]
Caused by: java.lang.NullPointerException: null
    at org.opensaml.saml2.common.SAML2Helper.getEarliestExpiration(SAML2Helper.java:112) ~[opensaml-2.6.1.jar:na]
    at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.processCachedMetadata(AbstractReloadingMetadataProvider.java:328) ~[opensaml-2.6.1.jar:na]
    at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:258) ~[opensaml-2.6.1.jar:na]
    ... 9 common frames omitted
我正在使用如上所述的SAML解决方案,并怀疑问题可能是我对这些bean使用了错误的信息

    /**
     * Builds the generator that produces SAML metadata for this application
     * acting as the service provider (SP).
     *
     * <p>Only the local SP side is described here. Identity-provider metadata is
     * supplied separately, through the metadata providers registered with the
     * metadata manager (not shown in this snippet).
     *
     * @return the configured SP metadata generator
     */
    @Bean
    public MetadataGenerator metadataGenerator() {
        final MetadataGenerator generator = new MetadataGenerator();

        // Entity ID the SP announces. NOTE(review): presumably this has to match the
        // identifier registered for the application on the IdP side; confirm.
        generator.setEntityId("SamlJwtSampleEntityId");
        generator.setExtendedMetadata(extendedMetadata());

        // Leave the IdP discovery extension out of the generated metadata.
        generator.setIncludeDiscoveryExtension(false);

        // Keys for the generated metadata come from the keyManager() bean.
        generator.setKeyManager(keyManager());
        return generator;
    }

    /**
     * Creates the key manager backed by the JKS keystore found on the classpath
     * at {@code /saml-keystore.jks}.
     *
     * <p>NOTE(review): the store password and key password are hard-coded sample
     * values. For anything beyond a local demo, load them from externalized
     * configuration and keep the keystore itself out of version control.
     *
     * @return a key manager whose default key is the {@code mykeyalias} entry
     */
    @Bean
    public KeyManager keyManager() {
        final String keyAlias = "mykeyalias";
        final ClassPathResource keystore = new ClassPathResource("/saml-keystore.jks");
        final String keystorePassword = "samlstorepass";

        // Per-alias key passwords. NOTE(review): presumably every alias listed here
        // must be a private-key entry in the keystore, not just an imported
        // certificate; verify with `keytool -list`.
        final Map<String, String> keyPasswords = new HashMap<>();
        keyPasswords.put(keyAlias, "mykeypass");

        // The last argument names the default key.
        return new JKSKeyManager(keystore, keystorePassword, keyPasswords, keyAlias);
    }
@Bean
公共元数据生成器元数据生成器(){
MetadataGenerator MetadataGenerator=新的MetadataGenerator();
setEntityId(“SamlJwtSampleEntityId”);
setExtendedMetadata(extendedMetadata());
metadataGenerator.setIncludeDiscoveryExtension(false);
setKeyManager(keyManager());
返回元数据生成器;
}
@豆子
公钥管理器密钥管理器(){
ClassPathResourceStoreFile=新的ClassPathResource(“/saml keystore.jks”);
字符串storePass=“samlstorepass”;
Map passwords=new HashMap();
密码。输入(“mykeyalias”、“mykeypass”);
返回新的JKSKeyManager(storeFile、storePass、密码,“mykeyalias”);
}
我基于从Azure门户下载的元数据文件和证书文件创建了一个新的jks文件,使用以下内容:

keytool -importcert -genkeypair -alias saml-app-1 -keypass keypass -storepass samlstorepass -keystore saml-app-1.jks -file saml-app-1.cer

并更新了上述代码中的密码和文件名


有什么建议吗?

如果您试图使用springboot向java web应用程序添加身份验证,我认为这可以帮助您,它提供了一个集成azure ad的示例

如果您想将springboot后端应用程序作为API应用程序(前端和后端分离),我有一个想法:您可以使用MSAL.js在前端应用程序中实现登录模块,后端应用程序只需添加过滤器来检查请求是否已获授权。需要注意的是,过滤器在信任令牌中的任何声明之前,必须先验证令牌的签名、签发者和受众,仅仅解码令牌是不够的。我曾经写过一个过滤器,如下所示

package com.example.demo;

import java.io.IOException;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.alibaba.fastjson.JSONObject;
import com.auth0.jwt.JWT;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;

//@Component
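/**
 * Servlet filter guarding {@code /ad/*}: it requires a bearer token in the
 * {@code Authorization} header, rejects expired tokens, and requires the
 * {@code User.Read} and {@code Mail.Read} scopes in the token's {@code scp} claim.
 *
 * <p><strong>SECURITY (review):</strong> the token is only <em>decoded</em>, never
 * <em>verified</em>. {@code JWT.decode} does not check the signature, so every claim
 * read here (expiry, scopes) is caller-controlled. This filter must not be the only
 * access control until decoding is replaced by signature verification against the
 * identity provider's published signing keys, together with issuer and audience
 * checks (java-jwt: {@code JWT.require(algorithm)...build().verify(token)}).
 *
 * <p>Every failure path rejects the request; the chain is only continued after all
 * checks have passed.
 */
@WebFilter(filterName = "AdHelloFilter", urlPatterns = {"/ad/*"})
public class AdHelloFilter implements Filter  {

    /** Prefix of an {@code Authorization} header value that carries a bearer token. */
    private static final String BEARER_PREFIX = "Bearer ";

    /** Scopes that must all be present in the space-separated {@code scp} claim. */
    private static final List<String> REQUIRED_SCOPES = Arrays.asList("User.Read", "Mail.Read");

    /**
     * Checks the bearer token of the request and either rejects the request or
     * passes it on to the rest of the chain.
     *
     * @param request     incoming request; cast to {@link HttpServletRequest}
     * @param response    outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain remaining filters, invoked only when all checks pass
     * @throws IOException      if sending an error response or the chain fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        final String requestTokenHeader = httpRequest.getHeader("Authorization");
        if (requestTokenHeader == null || !requestTokenHeader.startsWith(BEARER_PREFIX)) {
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String jwtToken = requestTokenHeader.substring(BEARER_PREFIX.length());

        // SECURITY (review): decode() parses without verifying the signature; see the
        // class comment. Replace with a verifier before trusting any claim below.
        final DecodedJWT jwt;
        try {
            jwt = JWT.decode(jwtToken);
        } catch (JWTDecodeException exception) {
            // Fail closed: a malformed token must not fall through to the chain.
            // The token itself is deliberately not logged.
            System.out.println("Unable to Decode the JWT Token");
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // A token without an "exp" claim is treated like an expired one instead of
        // failing with a NullPointerException.
        Date expiresAt = jwt.getExpiresAt();
        if (expiresAt == null || expiresAt.before(new Date())) {
            sendJsonError(httpResponse, HttpServletResponse.SC_UNAUTHORIZED, "Access token has expired.");
            return;
        }

        // "scp" is a space-separated scope list; asString() yields null when the claim
        // is missing or not a string, which counts as "no scopes granted".
        String scope = jwt.getClaim("scp").asString();
        boolean hasRequiredScopes = scope != null
                && Arrays.asList(scope.split(" ")).containsAll(REQUIRED_SCOPES);
        if (!hasRequiredScopes) {
            sendJsonError(httpResponse, HttpServletResponse.SC_FORBIDDEN, "Unauthorized, pls add api permission");
            return;
        }

        filterChain.doFilter(request, response);
    }

    /**
     * Sends an error whose message is the JSON document
     * {@code {"error": {"code": "InvalidAuthenticationToken", "message": ...}}}.
     */
    private static void sendJsonError(HttpServletResponse httpResponse, int status, String message)
            throws IOException {
        Map<String, Object> errMesg = new HashMap<String, Object>();
        errMesg.put("code", "InvalidAuthenticationToken");
        errMesg.put("message", message);
        Map<String, Object> errRes = new HashMap<String, Object>();
        errRes.put("error", errMesg);
        httpResponse.sendError(status, JSONObject.toJSONString(errRes));
    }

    /** Logs that the filter has been initialised; no configuration is read. */
    @Override
    public void init (FilterConfig filterConfig) throws ServletException{
        System.out.println("init filter");
    }

    /** Nothing to release. */
    @Override
    public void destroy() {}
}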
package com.example.demo;
导入java.io.IOException;
导入java.util.array;
导入java.util.Date;
导入java.util.HashMap;
导入java.util.List;
导入java.util.Map;
导入javax.servlet.Filter;
导入javax.servlet.FilterChain;
导入javax.servlet.FilterConfig;
导入javax.servlet.ServletException;
导入javax.servlet.ServletRequest;
导入javax.servlet.ServletResponse;
导入javax.servlet.annotation.WebFilter;
导入javax.servlet.http.HttpServletRequest;
导入javax.servlet.http.HttpServletResponse;
导入com.alibaba.fastjson.JSONObject;
导入com.auth0.jwt.jwt;
导入com.auth0.jwt.exceptions.jwtdecode exception;
导入com.auth0.jwt.interfaces.Claim;
导入com.auth0.jwt.interfaces.DecodedJWT;
//@组成部分
@WebFilter(filterName=“AdHelloFilter”,urlPatterns={”/ad/*“})
公共类AdHelloFilter实现过滤器{
@凌驾
公共无效doFilter(ServletRequest请求、ServletResponse响应、FilterChain FilterChain)
抛出IOException、ServletException{
HttpServletRequest httpRequest=(HttpServletRequest)请求;
HttpServletResponse=(HttpServletResponse)响应;
最终字符串requestTokenHeader=httpRequest.getHeader(“授权”);
if(requestTokenHeader!=null&&requestTokenHeader.startsWith(“承载人”)){
字符串jwtToken=requestTokenHeader.substring(7);
试一试{
DecodedJWT jwt=jwt.decode(jwtToken);
//判断是否过期
dateexpiresat=jwt.getExpiresAt();
如果(在(新日期()之前)到期){
Map errRes=new HashMap();
Map errMesg=newhashmap();
errMesg.put(“代码”、“无效身份验证令牌”);
errMesg.put(“消息”,“访问令牌已过期”);
错误放置(“错误”,errMesg);
字符串json=JSONObject.toJSONString(errRes);
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED,json);
返回;
}
//判断是否有具体范围
索赔a=jwt.getClaim(“scp”);
字符串范围=a.asString();
字符串[]scopeArr=scope.split(“”);
List scopeList=Arrays.asList(scopeArr);
if(!(scopeList.contains(“User.Read”)&&scopeList.contains(“Mail.Read”)){
Map errRes=new HashMap();
Map errMesg=newhashmap();
errMesg.put(“代码”、“无效身份验证令牌”);
错误放置(“消息”,“未授权,请添加api权限”);
错误放置(“错误”,errMesg);
字符串json=JSONObject.toJSONString(errRes);
httpResponse.sendError(HttpServletResponse.SC_禁止,json);
返回;
}
}捕获(JWTDecodeException异常){
System.out.println(“无法解码JWT令牌”);
}
}否则{
httpResponse.sendError(HttpServletResponse.SC_未经授权);
返回;
}
filterChain.doFilter(请求、响应);
}
@凌驾
public void init(FilterConfig FilterConfig)抛出ServletException{
System.out.println(“初始化过滤器”);
}
@凌驾
public void destroy(){}
}

您链接到的教程已经过时了:它是2016年的,使用的是spring 1.5.3,而目前的spring版本是2.4.2。我建议您阅读SAML的官方文档。 谢谢,您知道使用当前spring版本的任何可用示例吗?对于一个知识有限的人来说,要进入一个全新的领域是极其困难的,不同的版本之间似乎差别很大。我的项目也只能使用Java 8。 不,我不知道任何教程,而且在Stack Overflow上也不允许索取教程、库等推荐。这不是那种网站。