Java Spring Security 3.2与Spring Security SAML扩展不兼容
我有一个现有的项目,需要将SpringSecuritySAML扩展添加到我的项目中。我注意到,若我使用SpringSecurityVersion3.1,那个么它是好的,但若我将SpringSecurityVersion更改为3.2,那个么在运行project时就会出现异常 发件人:Java Spring Security 3.2与Spring Security SAML扩展不兼容,java,spring,spring-security,saml,spring-saml,Java,Spring,Spring Security,Saml,Spring Saml,我有一个现有的项目,需要将SpringSecuritySAML扩展添加到我的项目中。我注意到,若我使用SpringSecurityVersion3.1,那个么它是好的,但若我将SpringSecurityVersion更改为3.2,那个么在运行project时就会出现异常 发件人: SAML扩展的当前版本已经过测试,可以与Spring 3.1.2、Spring Security 3.1.2和OpenSAML 2.5.3一起使用。这些库的更高版本可能不经修改即可兼容。 但它并不兼容。我得到以下例外
SAML扩展的当前版本已经过测试,可以与Spring 3.1.2、Spring Security 3.1.2和OpenSAML 2.5.3一起使用。这些库的更高版本可能不经修改即可兼容。
但它并不兼容。我得到以下例外
org.springframework.beans.factory.BeanDefinitionStoreException: Unexpected exception parsing XML document from ServletContext resource [/WEB-INF/securityContext.xml]; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/web/util/matcher/AntPathRequestMatcher
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:413)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:335)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:303)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:174)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:209)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:180)
at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:125)
at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:94)
at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:130)
at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:539)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:451)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:410)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4210)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4709)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1060)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:822)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1060)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463)
at org.apache.catalina.core.StandardService.start(StandardService.java:525)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:759)
at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.lang.NoClassDefFoundError: org/springframework/security/web/util/matcher/AntPathRequestMatcher
at org.springframework.security.config.http.MatcherType.<clinit>(MatcherType.java:22)
at org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.createSecurityFilterChainBean(HttpSecurityBeanDefinitionParser.java:181)
at org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.createFilterChain(HttpSecurityBeanDefinitionParser.java:126)
at org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.parse(HttpSecurityBeanDefinitionParser.java:99)
at org.springframework.security.config.SecurityNamespaceHandler.parse(SecurityNamespaceHandler.java:106)
at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1432)
at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1422)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:187)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.doRegisterBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:147)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:101)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:495)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:391)
... 28 more
Caused by: java.lang.ClassNotFoundException: org.springframework.security.web.util.matcher.AntPathRequestMatcher
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1680)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1526)
... 40 more
例外情况是告诉您一个
配置或其部分具有模式=“/**”
,但未定义为列表中的最后一个。确保使用此模式的任何定义都声明为最后一个,否则它将始终匹配所有请求,并且系统不会尝试评估您可能定义的任何其他筛选器
如果找不到,请使用Spring安全配置更新您的问题。@Vladimír Schäfer安全上下文文件中没有此类模式。以下是
代码片段:
<security:http entry-point-ref="samlEntryPoint">
<security:intercept-url pattern="/saml**" access="IS_AUTHENTICATED_FULLY"/>
<security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
<security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
</security:http>
<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map request-matcher="ant">
<security:filter-chain pattern="/saml/login" filters="samlEntryPoint"/>
<security:filter-chain pattern="/saml/logout" filters="samlLogoutFilter"/>
<security:filter-chain pattern="/saml/metadata" filters="metadataDisplayFilter"/>
<security:filter-chain pattern="/saml/SSO" filters="samlWebSSOProcessingFilter"/>
<security:filter-chain pattern="/saml/SSOHoK" filters="samlWebSSOHoKProcessingFilter"/>
<security:filter-chain pattern="/saml/SingleLogout" filters="samlLogoutProcessingFilter"/>
<security:filter-chain pattern="/saml/discovery" filters="samlIDPDiscovery"/>
</security:filter-chain-map>
</bean>
可以看出,模式是
/saml**
,而不是/**
。它是否以某种方式硬编码?您的类路径下(或pom.xml中)有jar spring安全web吗?谢谢,伙计。这就解决了我的示例应用程序的问题。请看后更新部分,请看我对你文章的回答。尝试将整个战争上传到某个地方,我可以尝试部署并排除故障。
<security:http entry-point-ref="samlEntryPoint">
<security:intercept-url pattern="/saml**" access="IS_AUTHENTICATED_FULLY"/>
<security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
<security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
</security:http>
<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map request-matcher="ant">
<security:filter-chain pattern="/saml/login" filters="samlEntryPoint"/>
<security:filter-chain pattern="/saml/logout" filters="samlLogoutFilter"/>
<security:filter-chain pattern="/saml/metadata" filters="metadataDisplayFilter"/>
<security:filter-chain pattern="/saml/SSO" filters="samlWebSSOProcessingFilter"/>
<security:filter-chain pattern="/saml/SSOHoK" filters="samlWebSSOHoKProcessingFilter"/>
<security:filter-chain pattern="/saml/SingleLogout" filters="samlLogoutProcessingFilter"/>
<security:filter-chain pattern="/saml/discovery" filters="samlIDPDiscovery"/>
</security:filter-chain-map>
</bean>