Spring Saml 不适用于最新的 Spring Security 4.0.0.RELEASE
Posted
技术标签:
【中文标题】Spring Saml 不适用于最新的 Spring Security 4.0.0.RELEASE【英文标题】:Spring Saml not working with latest Spring Security 4.0.0.RELEASE 【发布时间】:2015-06-23 16:07:31 【问题描述】:我将 Spring Security 从 3.2.5.RELEASE 升级到 4.0.0.RELEASE
我收到以下错误
javax.servlet.ServletException: Filter execution threw an exception
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:255)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.granite.messaging.webapp.AMFMessageFilter.doFilter(AMFMessageFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:613)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659)
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:744)
Caused by: java.lang.NoSuchMethodError: org.springframework.security.saml.SAMLProcessingFilter.getFilterProcessesUrl()Ljava/lang/String;
at org.springframework.security.saml.metadata.MetadataGenerator.getSAMLWebSSOProcessingFilterPath(MetadataGenerator.java:533)
at org.springframework.security.saml.metadata.MetadataGenerator.buildSPSSODescriptor(MetadataGenerator.java:288)
at org.springframework.security.saml.metadata.MetadataGenerator.generateMetadata(MetadataGenerator.java:189)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.processMetadataInitialization(MetadataGeneratorFilter.java:127)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:86)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
... 21 more
当我查看SAMLProcessingFilter
的源代码时,它调用了方法getFilterProcessesUrl()
,该方法曾经在其父类AbstractAuthenticationProcessingFilter
中定义(已弃用),现在它已被删除!
有没有办法解决这个问题,或者我必须等待 spring SAML 升级才能使用 spring-security-4.0.0.RELEASE
【问题讨论】:
【参考方案1】:你说得对,Spring Security SAML 似乎与 Spring Security 4 不兼容。我登录 SES-161 来解决它。
更新:正如 cmets 中指出的那样。该修复程序现已发布。更新到 Spring Security SAML 1.0.1.RELEASE 应该允许您使用 Spring Security 4。例如,如果您使用 Maven,请确保您的 pom 中有以下内容:
<dependency>
<groupId>org.springframework.security.extensions</groupId>
<artifactId>spring-security-saml2-core</artifactId>
<version>1.0.1.RELEASE</version>
</dependency>
更新(见上面的更新):我有 pushed a fix 进入主人。我正在尝试与项目负责人取得联系,看看他是否可以进行发布。目前最好的解决方法是 download the project 并自己构建它或使用 1.0.1.BUILD-SNAPSHOT 构建(即spring-security-saml2-core)
【讨论】:
支持 Spring Security 4 的 Spring SAML 1.0.1 版现已在projects.spring.io/spring-security-saml提供 这是需要的更改,你需要确保你的版本是 1.0.1.RELEASE<!-- Apache SAML -->
<dependency>
<groupId>org.springframework.security.extensions</groupId>
<artifactId>spring-security-saml2-core</artifactId>
<version>1.0.1.RELEASE</version>
<scope>compile</scope>
</dependency>
【讨论】:
以上是关于Spring Saml 不适用于最新的 Spring Security 4.0.0.RELEASE的主要内容,如果未能解决你的问题,请参考以下文章
wso2 spring security saml 无状态集成
是否有用于将 SAML 与 Spring Boot 应用程序集成的 Spring Boot SAML 客户端?
基于 SAML 的 SSO 用于身份验证和 LDAP 用于授权 - Spring Boot Security
Hystrix 和 Turbine 不适用于 Spring boot 2 和 Spring cloud Finchley.M8