Я добавил SAML 2.0 и Spring Security в существующий код, используя Docker-образ kristophjunge/test-saml-idp (https://hub.docker.com/r/kristophjunge/test-saml-idp/). Возникла проблема с инициализацией компонента. Ошибку версий и другие мы устранили, но я застрял на инициализации bean-компонента. Пожалуйста, подскажите, как это исправить.
pom.xml
<properties>
<!-- <spring.social>1.1.0.M4</spring.social> -->
<!-- NOTE(review): spring.version is a milestone (M3) build while spring-security.version is a
     RELEASE. Confirm that this pair is a supported combination; a security-critical stack
     should normally sit on GA releases of both. -->
<spring.version>4.0.0.M3</spring.version>
<spring-security.version>4.0.0.RELEASE</spring-security.version>
<aspectj.version>1.7.2</aspectj.version>
<apache-tiles.version>2.1.4</apache-tiles.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- NOTE(review): source/target 1.6 does not allow the diamond operator (new ArrayList<>())
     used by the SecurityConfig class shown with this pom; that needs level 1.7 or higher. -->
<maven.compiler.source>1.6</maven.compiler.source>
<maven.compiler.target>1.6</maven.compiler.target>
</properties>
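/**
 * Spring Security configuration holding two filter chains: a small public chain for static
 * resources and the dashboard, and a SAML 2.0 service-provider chain for everything else.
 *
 * <p>The {@code System.out.println(n)} calls are the author's bean-creation trace and are kept.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig {

    /**
     * Public (unauthenticated) chain, evaluated first because of {@code @Order(1)}.
     *
     * <p>The chain is restricted to the explicitly public paths. Without a request matcher an
     * order-1 chain applies to every request, and a trailing {@code "/**" permitAll} rule then
     * lets all traffic through before the SAML chain below is ever consulted.
     */
    @Configuration
    @Order(1)
    public static class NoSecurityWebSecurityConfig extends WebSecurityConfigurerAdapter {

        /**
         * Permits anonymous access to the public paths only.
         *
         * @param http the builder for this chain
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                // Scope this chain; everything else falls through to SamlWebSecurityConfig.
                .requestMatchers()
                    .antMatchers("/resources/**", "/dashboard")
                    .and()
                // NOTE(review): CSRF protection is off for these paths; confirm that
                // /dashboard exposes no state-changing requests.
                .csrf()
                    .disable()
                .authorizeRequests()
                    .anyRequest().permitAll();
        }
    }

    /**
     * SAML 2.0 service-provider chain and the Spring Security SAML beans it needs.
     */
    @Configuration
    public static class SamlWebSecurityConfig extends WebSecurityConfigurerAdapter {

        // NOTE(review): keystore location, alias and both passwords are hard-coded in source.
        // Load them from external configuration or a secret store, and use a keystore that is
        // not shipped with the code for anything beyond a local test.
        private String keystoreLocation = "classpath:/saml/samlKeystore01.jks";
        private String keystorePassword = "secret";
        private String keystoreDefaultKey = "sp";
        private String keystoreDefaultKeyPassword = "secret";

        // NOTE(review): all endpoints below are plain http on localhost (test IdP). Outside a
        // local test these should be https; metadata fetched over http has no transport
        // integrity protection.
        private String spEntityId = "http://localhost";
        private String spEntityBaseURL = "http://localhost:8090";
        private String idpMetadataUrl = "http://localhost:8080/simplesaml/saml2/idp/metadata.php";
        private String logoutSuccessRedirectUrl = "http://localhost:8090/welcome";
        private String loginSuccessRedirectUrl = "http://localhost:8090/welcome";

        // NOTE(review): passed to setResponseSkew(), which Spring SAML documents in seconds
        // (confirm). 14460 is roughly four hours, which widens the window in which a captured
        // response is still accepted. Prefer fixing clock/time-zone drift on the IdP.
        private static final int RESPONSE_SKEW = 14460;

        // NOTE(review): never assigned in the code shown here, so samlAuthenticationProvider()
        // would receive null; presumably it is meant to be injected. Confirm.
        private SAMLUserDetailsServiceImpl samlUserDetailsServiceImpl;

        /**
         * Installs the SAML filters and requires the user authority on every path.
         *
         * @param http the builder for this chain
         * @throws Exception if a filter cannot be built
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            System.out.println(1);
            http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class);
            http.addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);
            // NOTE(review): this disables CSRF protection for the whole chain, not only for
            // the /saml/** endpoints that receive cross-site posts from the IdP.
            http.csrf().disable();
            http.exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
            http.authorizeRequests().antMatchers("/**").hasAuthority(Authorizations.USER_AUTHORITY);
        }

        /** Filter that generates the SP metadata on first use. */
        @Bean
        @Order(1)
        public MetadataGeneratorFilter metadataGeneratorFilter() throws MetadataProviderException {
            System.out.println(2);
            return new MetadataGeneratorFilter(metadataGenerator());
        }

        /** SP metadata generator; authentication requests are declared as signed. */
        @Bean
        public MetadataGenerator metadataGenerator() {
            System.out.println(3);
            MetadataGenerator generator = new MetadataGenerator();
            generator.setEntityId(spEntityId);
            generator.setEntityBaseURL(spEntityBaseURL);
            generator.setRequestSigned(true);
            return generator;
        }

        /** Builds the proxy that routes each /saml/** path to its SAML filter. */
        private FilterChainProxy samlFilter() throws Exception {
            System.out.println(4);
            List<SecurityFilterChain> chains = new ArrayList<>();
            chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint()));
            chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/logout/**"), samlLogoutFilter()));
            chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/metadata/**"), metadataDisplayFilter()));
            chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"), samlWebSSOProcessingFilter()));
            chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSOHoK/**"), samlWebSSOHoKProcessingFilter()));
            chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SingleLogout/**"), samlLogoutProcessingFilter()));
            return new FilterChainProxy(chains);
        }

        /** Entry point that starts SSO; scoping is not included in the request. */
        @Bean
        public SAMLEntryPoint samlEntryPoint() {
            System.out.println(5);
            WebSSOProfileOptions options = new WebSSOProfileOptions();
            options.setIncludeScoping(false);
            SAMLEntryPoint entryPoint = new SAMLEntryPoint();
            entryPoint.setDefaultProfileOptions(options);
            return entryPoint;
        }

        /** Filter that starts logout; the same handlers serve local and global logout. */
        @Bean
        public SAMLLogoutFilter samlLogoutFilter() {
            System.out.println(6);
            LogoutHandler[] logoutHandlers = {logoutHandler()};
            return new SAMLLogoutFilter(successLogoutHandler(), logoutHandlers, logoutHandlers);
        }

        /** Redirects to the configured URL after a successful logout. */
        private SimpleUrlLogoutSuccessHandler successLogoutHandler() {
            System.out.println(7);
            SimpleUrlLogoutSuccessHandler handler = new SimpleUrlLogoutSuccessHandler();
            handler.setDefaultTargetUrl(logoutSuccessRedirectUrl);
            return handler;
        }

        /** Logout handler that clears the security context. */
        private SecurityContextLogoutHandler logoutHandler() {
            System.out.println(8);
            SecurityContextLogoutHandler handler = new SecurityContextLogoutHandler();
            // NOTE(review): the HTTP session survives logout with this setting, so session
            // attributes stay reachable through the old session id. Confirm this is intended.
            handler.setInvalidateHttpSession(false);
            return handler;
        }

        /** Filter that serves the SP metadata document. */
        @Bean
        public MetadataDisplayFilter metadataDisplayFilter() {
            System.out.println(9);
            return new MetadataDisplayFilter();
        }

        /** Filter that consumes Web SSO responses. */
        @Bean
        public SAMLProcessingFilter samlWebSSOProcessingFilter() throws Exception {
            System.out.println(10);
            SAMLProcessingFilter filter = new SAMLProcessingFilter();
            filter.setAuthenticationManager(authenticationManagerBean());
            filter.setAuthenticationSuccessHandler(successRedirectHandler());
            return filter;
        }

        /**
         * Exposes the adapter's authentication manager as a bean.
         *
         * <p>NOTE(review): other bean methods call this while their own beans are being
         * created; it may therefore run before the adapter has been fully initialised by the
         * container. Confirm the initialisation order.
         */
        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            System.out.println(11);
            return super.authenticationManagerBean();
        }

        /** Redirects to the configured URL after a successful login. */
        private AuthenticationSuccessHandler successRedirectHandler() {
            System.out.println(12);
            SimpleUrlAuthenticationSuccessHandler handler = new SimpleUrlAuthenticationSuccessHandler();
            handler.setDefaultTargetUrl(loginSuccessRedirectUrl);
            return handler;
        }

        /** Filter that consumes holder-of-key Web SSO responses. */
        @Bean
        public SAMLWebSSOHoKProcessingFilter samlWebSSOHoKProcessingFilter() throws Exception {
            System.out.println(13);
            SAMLWebSSOHoKProcessingFilter filter = new SAMLWebSSOHoKProcessingFilter();
            filter.setAuthenticationManager(authenticationManagerBean());
            filter.setAuthenticationSuccessHandler(successRedirectHandler());
            return filter;
        }

        /** Filter that processes single-logout messages. */
        @Bean
        public SAMLLogoutProcessingFilter samlLogoutProcessingFilter() {
            System.out.println(14);
            return new SAMLLogoutProcessingFilter(successLogoutHandler(), logoutHandler());
        }

        /** Registers the SAML authentication provider with the authentication manager. */
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            System.out.println(15);
            auth.authenticationProvider(samlAuthenticationProvider());
        }

        /** Provider that validates SAML assertions and loads the user details. */
        @Bean
        public SAMLAuthenticationProvider samlAuthenticationProvider() {
            System.out.println(16);
            SAMLAuthenticationProvider provider = new SAMLAuthenticationProvider();
            provider.setUserDetails(samlUserDetailsServiceImpl);
            provider.setForcePrincipalAsString(false);
            return provider;
        }

        /**
         * SAML logger with message and error logging switched on.
         *
         * <p>NOTE(review): message logging presumably writes full SAML messages, including
         * user attributes, to the log. Confirm and restrict access to those logs.
         */
        @Bean
        public SAMLLogger samlLogger() {
            System.out.println(17);
            SAMLDefaultLogger logger = new SAMLDefaultLogger();
            logger.setLogMessages(true);
            logger.setLogErrors(true);
            return logger;
        }

        /** Key manager backed by the configured JKS keystore. */
        @Bean
        public KeyManager keyManager() {
            System.out.println(18);
            Resource keystoreResource = new DefaultResourceLoader().getResource(keystoreLocation);
            Map<String, String> passwords = new HashMap<>();
            passwords.put(keystoreDefaultKey, keystoreDefaultKeyPassword);
            return new JKSKeyManager(keystoreResource, keystorePassword, passwords, keystoreDefaultKey);
        }

        /** Metadata manager holding the single IdP metadata provider. */
        @Bean
        @Qualifier("metadata")
        @DependsOn("socketFactoryInitialization")
        public MetadataManager metadata() throws MetadataProviderException, ResourceException {
            System.out.println(19);
            List<MetadataProvider> metadataProviders = new ArrayList<>();
            metadataProviders.add(metadataProvider());
            return new CachingMetadataManager(metadataProviders);
        }

        /**
         * Creates the IdP metadata provider for the configured location.
         *
         * @return an HTTP provider for http:/https: URLs, otherwise a resource-backed provider
         * @throws MetadataProviderException if no location is configured
         * @throws ResourceException if the location has an unsupported scheme
         */
        private MetadataProvider metadataProvider() throws MetadataProviderException, ResourceException {
            System.out.println(20+"---"+idpMetadataUrl);
            if (idpMetadataUrl == null || idpMetadataUrl.isEmpty()) {
                System.out.println(21);
                throw new MetadataProviderException("configuration property 'saml.idpMetadataUrl' has no value");
            }
            AbstractMetadataProvider provider;
            // https: is accepted as well; it used to fall through to the resource branch and
            // was rejected there as an invalid value, which forced metadata over plain http.
            if (idpMetadataUrl.startsWith("http:") || idpMetadataUrl.startsWith("https:")) {
                System.out.println(44);
                // e.g. http://localhost:8081/simplesaml/saml2/idp/metadata.php
                provider = new HTTPMetadataProvider(new Timer(true), httpClient(), idpMetadataUrl);
            } else {
                System.out.println(22);
                // e.g. classpath:/folder/metadata.xml or file:/folder/metadata.xml
                provider = new ResourceBackedMetadataProvider(new Timer(true), getMetadataResource(idpMetadataUrl));
            }
            provider.setParserPool(parserPool());
            return provider;
        }

        /**
         * Resolves a classpath: or file: location to an OpenSAML resource.
         *
         * @param url the configured metadata location
         * @return the matching resource
         * @throws ResourceException if the scheme is neither classpath: nor file:
         */
        private static org.opensaml.util.resource.Resource getMetadataResource(String url) throws ResourceException {
            System.out.println(23);
            if (url.startsWith("classpath:")) {
                System.out.println(24);
                String classpath = url.substring("classpath:".length());
                return new ClasspathResource(classpath.startsWith("/") ? classpath : "/" + classpath);
            }
            if (url.startsWith("file:")) {
                System.out.println(25);
                return new FilesystemResource(url.substring("file:".length()));
            }
            throw new ResourceException("configuration property 'saml.idpMetadataUrl' has invalid value: " + url);
        }

        /** Shared HTTP client used for metadata download and artifact resolution. */
        @Bean
        public org.apache.commons.httpclient.HttpClient httpClient() {
            System.out.println(26);
            return new HttpClient(new MultiThreadedHttpConnectionManager());
        }

        /**
         * SAML context provider with its default message storage.
         *
         * <p>An {@code EmptyStorageFactory} used to be set on a throw-away instance here while
         * a second, unconfigured instance was returned, so the setting never took effect. The
         * dead code is removed and the effective behaviour is unchanged.
         * NOTE(review): enabling {@code EmptyStorageFactory} would stop request messages from
         * being stored, which presumably prevents matching a response to its request
         * (InResponseTo). Confirm before switching it on.
         */
        @Bean
        public SAMLContextProviderImpl contextProvider() {
            System.out.println(27);
            return new SAMLContextProviderImpl();
        }

        /** SAML processor with the redirect, POST, artifact, SOAP and PAOS bindings. */
        @Bean
        public SAMLProcessor processor() {
            System.out.println(28);
            List<SAMLBinding> bindings = new ArrayList<>();
            bindings.add(new HTTPRedirectDeflateBinding(parserPool()));
            bindings.add(new HTTPPostBinding(parserPool(), velocityEngine()));
            bindings.add(new HTTPArtifactBinding(parserPool(), velocityEngine(), artifactResolutionProfile()));
            bindings.add(soapBinding());
            bindings.add(new HTTPPAOS11Binding(parserPool()));
            return new SAMLProcessorImpl(bindings);
        }

        /** Velocity engine used by the POST and artifact bindings. */
        @Bean
        public VelocityEngine velocityEngine() {
            System.out.println(29);
            return VelocityFactory.getEngine();
        }

        /** Artifact resolution profile that talks SOAP over the shared HTTP client. */
        private ArtifactResolutionProfile artifactResolutionProfile() {
            System.out.println(30);
            ArtifactResolutionProfileImpl profile = new ArtifactResolutionProfileImpl(httpClient());
            profile.setProcessor(new SAMLProcessorImpl(soapBinding()));
            return profile;
        }

        /** SOAP 1.1 binding. */
        @Bean
        public HTTPSOAP11Binding soapBinding() {
            System.out.println(31);
            return new HTTPSOAP11Binding(parserPool());
        }

        /** Web SSO consumer using the configured response skew. */
        @Bean
        public WebSSOProfileConsumer webSSOprofileConsumer() {
            System.out.println(32);
            WebSSOProfileConsumerImpl consumer = new WebSSOProfileConsumerImpl();
            consumer.setResponseSkew(RESPONSE_SKEW);
            return consumer;
        }

        /** Holder-of-key Web SSO consumer with default settings. */
        @Bean
        public WebSSOProfileConsumerHoKImpl hokWebSSOprofileConsumer() {
            System.out.println(33);
            return new WebSSOProfileConsumerHoKImpl();
        }

        /** Web SSO profile with default settings. */
        @Bean
        public WebSSOProfileImpl webSSOprofile() {
            System.out.println(34);
            return new WebSSOProfileImpl();
        }

        /** Holder-of-key Web SSO profile bean (a consumer implementation, as in the original). */
        @Bean
        public WebSSOProfileConsumerHoKImpl hokWebSSOProfile() {
            System.out.println(35);
            return new WebSSOProfileConsumerHoKImpl();
        }

        /** ECP profile with default settings. */
        @Bean
        public WebSSOProfileECPImpl ecpprofile() {
            System.out.println(36);
            return new WebSSOProfileECPImpl();
        }

        /** Single-logout profile using the configured response skew. */
        @Bean
        public SingleLogoutProfile logoutprofile() {
            System.out.println(37);
            SingleLogoutProfileImpl profile = new SingleLogoutProfileImpl();
            profile.setResponseSkew(RESPONSE_SKEW);
            return profile;
        }

        /** Bootstraps the SAML library; static so that it is registered early. */
        @Bean
        public static SAMLBootstrap samlBootstrap() {
            System.out.println(38);
            return new SAMLBootstrap();
        }

        /**
         * XML parser pool shared by the bindings and the metadata provider.
         *
         * <p>{@code initMethod} makes the container call {@code initialize()}; the pool does
         * not hand out builders before it has been initialised.
         */
        @Bean(initMethod = "initialize")
        public StaticBasicParserPool parserPool() {
            System.out.println(39);
            return new StaticBasicParserPool();
        }

        /** Holder that makes the parser pool available to the SAML library. */
        @Bean
        public ParserPoolHolder parserPoolHolder() {
            System.out.println(40);
            return new ParserPoolHolder();
        }

        /** TLS configurer with default settings. */
        @Bean
        public TLSProtocolConfigurer tlsProtocolConfigurer() {
            System.out.println(41);
            return new TLSProtocolConfigurer();
        }

        /** Registers the https protocol with the SAML socket factory via Protocol.registerProtocol. */
        @Bean
        public MethodInvokingFactoryBean socketFactoryInitialization() {
            System.out.println(42);
            MethodInvokingFactoryBean factoryBean = new MethodInvokingFactoryBean();
            factoryBean.setTargetClass(Protocol.class);
            factoryBean.setTargetMethod("registerProtocol");
            Object[] args = {
                "https",
                socketFactoryProtocol()
            };
            factoryBean.setArguments(args);
            return factoryBean;
        }

        /** https protocol definition on port 443 using the SAML socket factory. */
        @Bean
        public Protocol socketFactoryProtocol() {
            System.out.println(43);
            return new Protocol("https", socketFactory(), 443);
        }

        /**
         * TLS socket factory backed by the SAML key manager.
         *
         * <p>NOTE(review): the trusted-key argument is null; confirm which certificates that
         * makes the factory trust.
         */
        @Bean
        public ProtocolSocketFactory socketFactory() {
            System.out.println(44);
            return new TLSProtocolSocketFactory(keyManager(), null, "default");
        }
    }
}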
13 марта 2019 14:48:28 org.apache.catalina.core.StandardContext listenerStart SEVERE: Исключительная ситуация, отправляющая инициализированное событие контекста экземпляру слушателя классаorg.springframework.web.context.ContextLoaderListener org.springframework.beans.factory.BeanCreationException: Ошибка при создании компонента с именем 'metadataGenerator': сбой при внедрении автосвязанных зависимостей; вложенное исключение - org.springframework.wireeМетод: public void org.springframework.security.saml.metadata.MetadataGenerator.setSamlWebSSOHoKFilter (org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter); вложенное исключение - org.springfrec.eption: Ошибка создания bean-компонента с именем samlWebSSOHoKProcessingFilter, определенного в ресурсе пути к классу [com / tennant / configuration / SecurityConfig $ SamlWebSecurityConfig.class]: сбой при создании экземпляра bean;вложенное исключение: org.springframework.beans.factory.BeanDefinitionStoreException: метод Factory [public org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter com.tennant.configuration.SecurityConfigвложенное исключение java.lang.IllegalArgumentException: delegateBuilder не может быть пустым в org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues (AutowiredAnnotationBeanPostProcessor.java:292) в org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean (AbstractAutowireCapableBeanFactory.java: 1139) в org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean (AbstractAutowireCapableBeanFactory.java:537) в org.springframework.actyspringframework..AbstractBeanFactory.doGetBean (AbstractBeanFactory.java:295) в оrg.springframework.beans.factory.support.AbstractBeanFactory.getBean (AbstractBeanFactory.java:195) в org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletAbstractApplicationContext.finishBeanFactoryInitialization 
(AbstractApplicationContext.java:760) в org.springframework.context.support.AbstractApplicationContext.refresh (AbstractApplicationContext.java:482) в org.springframework.oxt_Wext.Web.springframework.web.context.ContextLoader.initWebApplicationContext (ContextLoader.java:294) в org.springframework.web.context.ContextLoaderListener.contextInitialized (ContextLoaderListener.java:10containte. ortatetetecat org.toretecat или org)..java: 5099) в org.apache.catalina.core.StandardContext.startInternal (StandardContext.java:5615) в org.apache.catalina.util.LifecycleBase.start (LifecycleBase.java:147) в org.apache.catalina.core.ContainerBase $ StartChild.call (ContainerBase.java:1571) в org.apache.catalina.core.ContainerBase $ StartChild.call (ContainerBase.java:1561) на java.util.concurrent.FutureTask.run (неизвестный источник) на java.util.concurrent.ThreadPoolExecutor.runWorker (неизвестный источник)в java.util.concurrent.ThreadPoolExecutor $ Worker.run (неизвестный источник) в java.lang.Thread.run (неизвестный источник) Причина: org.springframework.beans.factory.BeanCreationException: Не удалось автоматически подключить метод: public void org.springframework.security.saml.metadata.MetadataGenerator.setSamlWebSSOHoKFilter (org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter);вложенное исключение - org.springframework.beans.factory.BeanCreationException: ошибка создания бина с именем 'samlWebSSOHoKProcessingFilter', определенного в ресурсе пути к классу [com / tennant / configuration / SecurityConfig $ SamlWebSecurityConfig.class]: ошибка при создании объекта;вложенное исключение: org.springframework.beans.factory.BeanDefinitionStoreException: метод Factory [public org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter com.tennant.configuration.SecurityConfigВложенное исключение - java.lang.IllegalArgumentException: DelegateBuilder не может иметь значение null в org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor $ 
AutowiredMethodElement.inject (AutowiredAnnotationBject.rae.(InjectionMetadata.java:87) в org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues (AutowiredAnnotationBeanPostProcessor.java:289) ... еще 22 из-за причиненного вреда для возращения из-за возращения.имя 'samlWebSSOHoKProcessingFilter', определенное в ресурсе пути к классу [com / tennant / configuration / SecurityConfig $ SamlWebSecurityConfig.class]: сбой создания объекта EJB;вложенное исключение: org.springframework.beans.factory.BeanDefinitionStoreException: метод Factory [public org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter com.tennant.configuration.SecurityConfigвложенное исключение java.lang.IllegalArgumentException: delegateBuilder не может быть пустым в org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod (ConstructorResolver.java:584) в org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod (AbstractAutowireCapableBeanFactory.java: 1048) при org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance (AbstractAutowireCapableBeanFactory.java:943) в org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean (AbstractAutowireCapableBeanFactory.java:504) в орг.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean (AbstractAutowireCapableBeanFactory.java:475) в org.springframework.beans.factory.support..DefaultSingletonBeanRegistry.getSingleton (DefaultSingletonBeanRegistry.java:228) в org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean (AbstractBeanFactory.java:295) в org.springframework.beans.factory.support.AbstractBeanFactory.getBean (orbean) (5).springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates (DefaultListableBeanFactory.java:973) при 
org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency (DefaultListableBeanFactory.java:916) при org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency (DefaultListableBeanFactory.java:820) в org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor $ AutowiredMethodElement.inject: AutoBired_Процед.Вызывается: org.springframework.beans.factory.BeanDefinitionStoreException: фабричный метод [public org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter com.tennant.configuration.SecurityConfigВложенное исключение - java.lang.IllegalArgumentException: DelegateBuilder не может иметь значение null в org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate (SimpleInstantiationStrategy.java:188) в org.springframework..java: 573) ... еще 36. Причины: java.lang.IllegalArgumentException: DelegateBuilder не может быть нулевым в org.springframework.util.Assert.notNull (Assert.java:112) в org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter $ AuthenticationManagerDelegator. (WebSecurityConfigurerAdapter.java:432) в org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.authenticationManagerBean (WebSecurityConfigurerAdapter.java:220) в com.tennant.configuration.SecurityConfig $SamlWebSecurityConfig.authenticationManagerBean (SecurityConfig.java:234) в com.tennant.configuration.SecurityConfig $ SamlWebSecurityConfig.samlWebSSOHoKProcessingFilter (SecurityConfig.java:248) в sun.reflect.NativeMethodAccessorImpl.invoke0 (нативный метод) в sun.reflect.NativeMethodAccessorImpl.invoke (неизвестный источник) в sun.reflect.DelegatingOg.jpg.Method.invoke (неизвестный источник) по адресу org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate (SimpleInstantiationStrategy.java:166)