Я пытаюсь добавить расширение SAML к проекту java. Я смог запустить пример приложения с определенными настройками, которые я хотел иметь для своего приложения. Мое приложение работает весной 3.1.2, и я использую инструмент сборки ANT для создания своего проекта. Я вручную добавил все зависимости, которые требовались для SAML. Я настроил web. xml и securityContext. xml, как показано ниже. Теперь при развертывании в jboss в журналах появляются следующие ошибки:
2020-02-27 14: 28: 01,574 ОШИБКА [org.springframework.web.context.ContextLoader] (ServerService Пул потоков - 69) Ошибка инициализации контекста: org.springframework.beans.factory. xml .XmlBeanDefinitionStoreException: строка 84 в документе XML из ресурса ServletContext [/WEB-INF/securityContext.xml] недопустима; вложенным исключением является org. xml .sax.SAXParseException; номер строки: 84; номер столбца: 49; cv c -complex-type.2.4.a: Обнаружено недопустимое содержимое, начиная с элемента 'property'. Один из '{"http://www.springframework.org/schema/beans": импорт, "http://www.springframework.org/schema/beans": псевдоним, "http://www.springframework.org/schema/beans": бин, WC [## другое: "http://www.springframework.org/schema/beans"], "http://www.springframework.org/schema/beans": бобы} 'ожидается. в org.springframework.beans.factory. xml .XmlBeanDefinitionReader.doLoadBeanDefinitions (XmlBeanDefinitionReader. java: 396) в org.springframework.beans.factory. xml. 334DeefDefition .BeanDefition. в org.springframework.beans.factory. xml .XmlBeanDefinitionReader.loadBeanDefinitions (XmlBeanDefinitionReader. java: 302) в org.springframework.beans.factory.support.AbstractBeanDefine .springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions (AbstractBeanDefinitionReader. java: 209) в org.springframework.beans.factory.support. .context.support.XmlWebApplicationContext.loadBeanDefinitions (XmlWebApplicationContext. java: 125) в org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions (XmlWebAp plicationContext. java: 94) в org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory (AbstractRefreshableApplicationContext. java: 131) в org.springframework.context.Application.Context .Context по адресу org.springframework.context.support.AbstractApplicationContext.refre sh (AbstractApplicationContext. java: 436) по адресу org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext: 385 .685 .ext. web.context.ContextLoader.initWebApplicationContext (ContextLoader. java: 284) по адресу org.springframework.web.context.ContextLoaderListener.contextInitialized (ContextLoaderListener. java: 111) в io.under.containserserv.w. ApplicationListeners. java: 187) на io.undertow.servlet.core.DeploymentManagerImpl.deploy (DeploymentManagerImpl. java: 198) на org.wildfly.extension.undertow.deployment.UndertowDeploymen tService.startContext (UndertowDeploymentService. java: 100) по адресу org.wildfly.extension.undertow.deployment.UndertowDeploymentService $ 1.run (UndertowDeploymentService. java: 82) по java .util.concurrentallAdapterc. (Executors. java: 511) в java .util.concurrent.FutureTask.run (FutureTask. java: 266) в java .util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor. java: 1142 ) в java .util.concurrent.ThreadPoolExecutor $ Worker.run (ThreadPoolExecutor. java: 617) в java .lang.Thread.run (поток. java: 748) в org.jboss.threads. JBossThread.run (JBossThread. java: 320) Вызывается: org. xml .sax. SAXParseException; номер строки: 84; номер столбца: 49; cv c -complex-type.2.4.a: Обнаружено недопустимое содержимое, начиная с элемента 'property'. Один из '{"http://www.springframework.org/schema/beans": импорт, "http://www.springframework.org/schema/beans": псевдоним, "http://www.springframework.org/schema/beans": бин, WC [## другое: "http://www.springframework.org/schema/beans"], "http://www.springframework.org/schema/beans": бобы} 'ожидается. в org. apache .xerces.util.ErrorHandlerWrapper.createSAXParseException (Неизвестный источник) в org. apache .xerces.util.ErrorHandlerWrapper.error (Неизвестный источник) в org. apache .xerces.impl.XrreEportR (Неизвестный источник) в org. apache .xerces.impl.XMLErrorReporter.reportError (Неизвестный источник) в org. apache .xerces.impl.xs.XMLSchemaValidator $ XSIErrorReporter.reportError (Неизвестный источник) в org. apache .xerces.impl.xs.XMLSchemaValidator.reportSchemaError (неизвестный источник) в орг. apache .xerces.impl.xs.XMLSchemaValidator.handleStartElement (неизвестный источник) в орг. apache .xerces.impl.xs.Xmentator.me (Неизвестный источник) в org. apache .xerces.impl.XMLNSDocumentScannerImpl.scanStartElement (Неизвестный источник) в org. apache .xerces.impl.XMLDocumentFragmentScannerImpl $ FragmentContentDispatcher *dispatch (неизвестный источник). .impl.XMLDocumentFragmentScannerImpl.scanDocument (неизвестный источник) в орг. apache .xerces.parsers.XML11Configuration.parse (неизвестный источник) в орг. apache .xerces. parsers.XML11Configuration.parse (Неизвестный источник) в org. apache .xerces.parsers.XMLParser.parse (Неизвестный источник) в org. apache .xerces.parsers.DOMParser.parse (Неизвестный источник) в org. apache .xerces.jaxp.DocumentBuilderImpl.parse (Неизвестный источник) в org.springframework.beans.factory. xml .DefaultDocumentLoader.loadDocument (DefaultDocumentLoader. java: 75) в org.springframework.be6.fact. .XmlBeanDefinitionReader.doLoadBeanDefinitions (XmlBeanDefinitionReader. java: 388) ... еще 23
Вот мой веб-сайт. xml:
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<display-name>Example</display-name>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/securityContext.xml
</param-value>
</context-param>
<servlet>
<servlet-name>Example</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Example</servlet-name>
<!-- <url-pattern>*.htm</url-pattern> -->
<url-pattern>/saml/web/*</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<error-page>
<exception-type>javax.servlet.ServletException</exception-type>
<location>/error.jsp</location>
</error-page>
<taglib>
<taglib-uri>/spring</taglib-uri>
<taglib-location>/WEB-INF/spring.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>/spring-form</taglib-uri>
<taglib-location>/WEB-INF/spring-form.tld</taglib-location>
</taglib>
<!--taglib> <taglib-uri>/spring-commons-validator</taglib-uri> <taglib-location>
/WEB-INF/spring-commons-validator.tld </taglib-location> </taglib -->
<taglib>
<taglib-uri>/c</taglib-uri>
<taglib-location>/WEB-INF/c.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>/fmt</taglib-uri>
<taglib-location>/WEB-INF/fmt.tld</taglib-location>
</taglib>
</web-app>
Это my securityContext. xml:
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd"> <!-- Enable auto-wiring -->
<context:annotation-config/>
<!-- Scan for auto-wiring classes in spring saml packages -->
<context:component-scan base-package="org.springframework.security.saml"/>
<!-- Unsecured pages -->
<security:http security="none" pattern="/favicon.ico"/>
<security:http security="none" pattern="/images/**"/>
<security:http security="none" pattern="/css/**"/>
<security:http security="none" pattern="/logout.jsp"/>
<!-- Security for the administration UI -->
<security:http pattern="/saml/web/**" access-denied-page="/saml/web/metadata/login">
<security:form-login login-processing-url="/saml/web/login" login-page="/saml/web/metadata/login" default-target-url="/saml/web/metadata"/>
<security:intercept-url pattern="/saml/web/metadata/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/saml/web/**" access="ROLE_ADMIN"/>
<security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
</security:http>
<!-- Secured pages with SAML as entry point -->
<security:http entry-point-ref="samlEntryPoint">
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
<security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
<security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
</security:http>
<!-- Filters for processing of SAML messages -->
<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map request-matcher="ant">
<security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint"/>
<security:filter-chain pattern="/saml/logout/**" filters="samlLogoutFilter"/>
<security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>
<security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter"/>
<security:filter-chain pattern="/saml/SSOHoK/**" filters="samlWebSSOHoKProcessingFilter"/>
<security:filter-chain pattern="/saml/SingleLogout/**" filters="samlLogoutProcessingFilter"/>
<security:filter-chain pattern="/saml/discovery/**" filters="samlIDPDiscovery"/>
</security:filter-chain-map>
</bean>
<!-- Handler deciding where to redirect user after successful login -->
<bean id="successRedirectHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/"/>
</bean>
<!--
Use the following for interpreting RelayState coming from unsolicited response as redirect URL:
<bean id="successRedirectHandler" class="org.springframework.security.saml.SAMLRelayStateSuccessHandler">
<property name="defaultTargetUrl" value="/" />
</bean>
-->
<!-- Handler deciding where to redirect user after failed login -->
<bean id="failureRedirectHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="useForward" value="true"/>
<property name="defaultFailureUrl" value="/security/unauthorizedAccess.jsp"/>
</bean>
<!-- Handler for successful logout -->
<bean id="successLogoutHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
<property name="defaultTargetUrl" value="/jsp/login.jsp"/>
</bean>
<security:authentication-manager alias="authenticationManager">
<!-- Register authentication manager for SAML provider -->
<security:authentication-provider ref="samlAuthenticationProvider"/>
<!-- Register authentication manager for administration UI -->
<security:authentication-provider>
<security:user-service id="adminInterfaceService">
<security:user name="admin" password="admin" authorities="ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<!-- Logger for SAML messages and events -->
<bean id="samlLogger" class="org.springframework.security.saml.log.SAMLDefaultLogger"/>
<property name="logAllMessages" value="true"/>
<property name="logErrors" value="true"/>
<property name="logMessagesOnException" value="true"/>
<!-- Central storage of cryptographic keys -->
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
<constructor-arg value="classpath:security/samlKeystore.jks"/>
<constructor-arg type="java.lang.String" value="nalle123"/>
<constructor-arg>
<map>
<entry key="apollo" value="nalle123"/>
</map>
</constructor-arg>
<constructor-arg type="java.lang.String" value="apollo"/>
</bean>
<!-- Entry point to initialize authentication, default values taken from properties file -->
<bean id="samlEntryPoint" class="org.springframework.security.saml.SAMLEntryPoint">
<property name="defaultProfileOptions">
<bean class="org.springframework.security.saml.websso.WebSSOProfileOptions">
<property name="includeScoping" value="false"/>
</bean>
</property>
</bean>
<!-- IDP Discovery Service -->
<!-- <bean id="samlIDPDiscovery" class="org.springframework.security.saml.SAMLDiscovery">
<property name="idpSelectionPath" value="/WEB-INF/security/idpSelection.jsp"/>
</bean> -->
<!-- Filter automatically generates default SP metadata -->
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.MetadataGenerator">
<property name="entityBaseURL" value="https://fraudtracker.dev.cmtnonprod.awswuintranet.net/FraudTracker/"/>
<property name="entityId" value="https://fraudtracker.dev.cmtnonprod.awswuintranet.net/FraudTracker/saml/metadata"/>
<property name="extendedMetadata">
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata"><!-- can provide the SP extended metadata names and values here -->
<property name="idpDiscoveryEnabled" value="false"/>
</bean>
</property>
</bean>
</constructor-arg>
</bean>
<!-- The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there -->
<bean id="" class="org.springframework.security.saml.metadata.MetadataDisplayFilter"/>
<!-- IDP Metadata configuration - paths to metadata of IDPs in circle of trust is here -->
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
<constructor-arg>
<list>
<!-- Example of classpath metadata with Extended Metadata -->
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
<constructor-arg>
<bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
<constructor-arg>
<bean class="java.util.Timer"/>
</constructor-arg>
<constructor-arg>
<bean class="org.opensaml.util.resource.ClasspathResource">
<constructor-arg value="/metadata/idp.xml"/>
</bean>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
</bean>
</constructor-arg>
</bean>
<!-- Example of HTTP metadata without Extended Metadata -->
<!-- <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
URL containing the metadata
<constructor-arg>
<value type="java.lang.String">http://idp.ssocircle.com/idp-meta.xml</value>
</constructor-arg>
Timeout for metadata loading in ms
<constructor-arg>
<value type="int">15000</value>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean> -->
<!-- Example of file system metadata without Extended Metadata -->
<!--
<bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
<constructor-arg>
<value type="java.io.File">/usr/local/metadata/idp.xml</value>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean>
-->
</list>
</constructor-arg>
<property name="defaultIDP" value="http://www.okta.com/exk2oenbiXUs6n5nZ4x6"></property>
<!-- OPTIONAL used when one of the metadata files contains information about this service provider -->
<!-- <property name="hostedSPName" value=""/> -->
<!-- OPTIONAL property: can tell the system which IDP should be used for authenticating user by default. -->
<!-- <property name="defaultIDP" value="http://localhost:8080/opensso"/> -->
</bean>
<!-- SAML Authentication Provider responsible for validating of received SAML messages -->
<bean id="samlAuthenticationProvider" class="org.springframework.security.saml.SAMLAuthenticationProvider">
<!-- OPTIONAL property: can be used to store/load user data after login -->
<!--
<property name="userDetails" ref="bean" />
-->
</bean>
<!-- Provider of default SAML Context -->
<bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderImpl"/>
<!-- Processing filter for WebSSO profile messages -->
<bean id="samlWebSSOProcessingFilter" class="org.springframework.security.saml.SAMLProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationSuccessHandler" ref="successRedirectHandler"/>
<property name="authenticationFailureHandler" ref="failureRedirectHandler"/>
</bean>
<!-- Processing filter for WebSSO Holder-of-Key profile -->
<bean id="samlWebSSOHoKProcessingFilter" class="org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationSuccessHandler" ref="successRedirectHandler"/>
<property name="authenticationFailureHandler" ref="failureRedirectHandler"/>
</bean>
<!-- Logout handler terminating local session -->
<bean id="logoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
<property name="invalidateHttpSession" value="false"/>
</bean>
<!-- Override default logout processing filter with the one processing SAML messages -->
<bean id="samlLogoutFilter" class="org.springframework.security.saml.SAMLLogoutFilter">
<constructor-arg index="0" ref="successLogoutHandler"/>
<constructor-arg index="1" ref="logoutHandler"/>
<constructor-arg index="2" ref="logoutHandler"/>
</bean>
<!-- Filter processing incoming logout messages -->
<!-- First argument determines URL user will be redirected to after successful global logout -->
<bean id="samlLogoutProcessingFilter" class="org.springframework.security.saml.SAMLLogoutProcessingFilter">
<constructor-arg index="0" ref="successLogoutHandler"/>
<constructor-arg index="1" ref="logoutHandler"/>
</bean>
<!-- Class loading incoming SAML messages from httpRequest stream -->
<bean id="processor" class="org.springframework.security.saml.processor.SAMLProcessorImpl">
<constructor-arg>
<list>
<ref bean="redirectBinding"/>
<ref bean="postBinding"/>
<ref bean="artifactBinding"/>
<ref bean="soapBinding"/>
<ref bean="paosBinding"/>
</list>
</constructor-arg>
</bean>
<!-- SAML 2.0 WebSSO Assertion Consumer -->
<bean id="webSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerImpl"/>
<!-- SAML 2.0 Holder-of-Key WebSSO Assertion Consumer -->
<bean id="hokWebSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl"/>
<!-- SAML 2.0 Web SSO profile -->
<bean id="webSSOprofile" class="org.springframework.security.saml.websso.WebSSOProfileImpl"/>
<!-- SAML 2.0 Holder-of-Key Web SSO profile -->
<bean id="hokWebSSOProfile" class="org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl"/>
<!-- SAML 2.0 ECP profile -->
<bean id="ecpprofile" class="org.springframework.security.saml.websso.WebSSOProfileECPImpl"/>
<!-- SAML 2.0 Logout Profile -->
<bean id="logoutprofile" class="org.springframework.security.saml.websso.SingleLogoutProfileImpl"/>
<!-- Bindings, encoders and decoders used for creating and parsing messages -->
<bean id="postBinding" class="org.springframework.security.saml.processor.HTTPPostBinding">
<constructor-arg ref="parserPool"/>
<constructor-arg ref="velocityEngine"/>
</bean>
<bean id="redirectBinding" class="org.springframework.security.saml.processor.HTTPRedirectDeflateBinding">
<constructor-arg ref="parserPool"/>
</bean>
<bean id="artifactBinding" class="org.springframework.security.saml.processor.HTTPArtifactBinding">
<constructor-arg ref="parserPool"/>
<constructor-arg ref="velocityEngine"/>
<constructor-arg>
<bean class="org.springframework.security.saml.websso.ArtifactResolutionProfileImpl">
<constructor-arg>
<bean class="org.apache.commons.httpclient.HttpClient">
<constructor-arg>
<bean class="org.apache.commons.httpclient.MultiThreadedHttpConnectionManager"/>
</constructor-arg>
</bean>
</constructor-arg>
<property name="processor">
<bean class="org.springframework.security.saml.processor.SAMLProcessorImpl">
<constructor-arg ref="soapBinding"/>
</bean>
</property>
</bean>
</constructor-arg>
</bean>
<bean id="soapBinding" class="org.springframework.security.saml.processor.HTTPSOAP11Binding">
<constructor-arg ref="parserPool"/>
</bean>
<bean id="paosBinding" class="org.springframework.security.saml.processor.HTTPPAOS11Binding">
<constructor-arg ref="parserPool"/>
</bean>
<!-- Initialization of OpenSAML library-->
<bean class="org.springframework.security.saml.SAMLBootstrap"/>
<!-- Initialization of the velocity engine -->
<bean id="velocityEngine" class="org.springframework.security.saml.util.VelocityFactory" factory-method="getEngine"/>
<!-- XML parser pool needed for OpenSAML parsing -->
<bean id="parserPool" class="org.opensaml.xml.parse.StaticBasicParserPool" init-method="initialize">
<property name="builderFeatures">
<map>
<entry key="http://apache.org/xml/features/dom/defer-node-expansion" value="false"/>
</map>
</property>
</bean>
<bean id="parserPoolHolder" class="org.springframework.security.saml.parser.ParserPoolHolder"/>
</beans>
Пожалуйста, помогите мне с запуском моей заявки.