Spring Security Logout не запускается в приложении интеграции SAML DSL + Struts
Я пытаюсь реализовать SAML Single Sing On (SSO), используя библиотеку SAML Spring Security и используя SAML DSL, как указано в примере https://github.com/spring-projects/spring-security-saml-dsl/tree/master/samples/spring-security-saml-dsl-sample для конфигурации SAML.
Выход из Spring Security не запускается, и, следовательно, я вижу, что сеанс HTTP и cookie JSESSIONID не уничтожены, поэтому после этого один и тот же сеанс HTTP повторно используется при повторном входе в систему, и, следовательно, перенаправление Okta для аутентификации не происходит. Код показан ниже. Кто-нибудь может подсказать, как настроить весенний выход из системы в этом сценарии? Спасибо
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_4_0.xsd"
version="4.0">
<display-name>Maven Struts Examples</display-name>
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/security.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>/WEB-INF/HelloWorld.jsp</welcome-file>
</welcome-file-list>
</web-app>
<struts-config>
<form-beans>
<form-bean name="helloWorldForm"
type="com.example.form.HelloWorldForm"/>
</form-beans>
<action-mappings>
<action path="/hello"
type="com.example.action.HelloWorldAction"
name="helloWorldForm"
parameter="login">
<forward name="success" path="/HelloWorld.jsp"/>
</action>
<action path="/logout"
type="com.example.action.HelloWorldAction"
input="/logout.jsp"
parameter="logout">
<forward name="logout" path="/logout.jsp"/>
</action>
</action-mappings>
</struts-config>
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<context:component-scan base-package="com.example"/>
</beans>
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
public static final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
@Value("${security.saml2.metadata-url}")
String metadataUrl;
@Autowired
private SAMLUserDetailsService userDetailsService;
/*@Autowired
private SAMLAutomaticLogout autoLogout;*/
@Override
protected void configure(HttpSecurity http) throws Exception {
System.out.println("in configure.....");
http
.authorizeRequests()
.antMatchers("/saml/**").permitAll()
/*.antMatchers("/logout.do/**").permitAll()*/
.anyRequest().authenticated()
.and()
.apply(saml())
.serviceProvider()
.keyStore()
.storeFilePath("file://c:/apps/saml/keystore.jks")
.password("secret")
.keyname("tomcat")
.keyPassword("")
.and()
.protocol("https")
.hostname("localhost:8443")
.basePath("/StrutsExample")
.and()
.identityProvider()
.metadataFilePath("https://dev-904052.oktapreview.com/app/exkjmoqcsqZqaT0L60h7/sso/saml/metadata")
.and()
.userDetailsService(userDetailsService)
.and()
.logout()
.logoutUrl("/logout.do")
.logoutSuccessUrl("/hello.do")
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true);
}
@Bean
public SAMLUserDetailsService samlUserDetailsService() {
return new SAMLUserDetailsService() {
public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
System.out.println("Login received for user {}");
return credential;
}
};
}
}
<%@taglib uri="http://struts.apache.org/tags-bean" prefix="bean"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html>
<head>
</head>
<body>
<h1><bean:write name="helloWorldForm" property="message" />
</h1>
<!-- <a href="logout.jsp">Logout </a> -->
<%-- <a href="<c:url value="/j_spring_security_logout" />" > Logout</a> --%>
<%-- <p> <a href="<c:url value="/saml/logout?local=true"/>"> logout </a></p> --%>
<p> <a href="<c:url value="/logout.do"/>"> logout </a></p>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Logged out</title>
</head>
<body>
<a href="hello.do">login again</a>
</body>
</html>